Hello,
I have been experiencing the following phenomenon concerning multicast streams on a FortiGate 300E:
- After a few hours or days of viewing multicast video streams, one stream (not always the same) will become unavailable on all firewall ports except for one port (but not always the same). The IGMP subscription and PIM route (dense mode) are still in the FortiGate's tables for all the ports requesting the stream.
- I tried clearing multicast routes, IGMP groups, multicast sessions and the command "execute router restart"; none of this will get the multicast stream back. However, if I reboot the firewall or if it goes to the failover firewall, I will get the stream back.
- If I use the "diag sniffer packet" to see the multicast stream on the one port where it is still available, there are no multicast packets (and no packets dropped by kernel; I tested with auto-offload enabled and disabled). However, I can see the multicast packets in Wireshark on the client computer connected to that port.
I don't understand why these multicast packets that are obviously received by the client computer are not visible with the firewall sniffer (or the packet capture feature).
Has anyone any idea why multicast packets may become invisible to the firewall but still go through?
Also, there seems to be some information stored in cache in the firewall that prevents me from getting the stream on all ports requesting it. Where can I find what information is stored in the firewall but flushed during a reboot?
Thank you in advance,
Simon.