sending multicast over ssl vpn (ssl.root) not working
on a fortigate, have a multicast feed coming in over a GRE tunnel and passing out to an ethernet fine
Also want ssl vpn users to be able to subscribe, have igmp/pim enabled on gre/ethernet/ssl.root, can see the IGMP joins from both the ethernet and ssl.root interfaces (on the fortigate) but PIM never forwards out the ssl.root interface, just the ethernet, only ever shows the ethernet as a forwarding port, why does pim not also forward out the ssl.root interface.
To make Multicast stream forwarding over SSL-VPN you should configure IP address on ssl.root interface:
config system interface
set ip xxx.xxx.xxx.xxx/32
&Note: The IP address should be from the same pool as SSL-VPN clients IP pool (subnet)
&Note#2: Once one of the clients joins some igmp group, all clients will receive that group (channel) multicast traffic, which may be unwanted from security point of view and may cause performance problems on clients side.
$Note#3: All other traffic (unicast stream, ethernet) are working over SSL-VPN even there is not assigned IP address to ssl.root interface.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.