Multicast forwarding is used to forward multicast packets between multicast routers and receivers, enabling efficient distribution of data to multiple recipients simultaneously. Applications and services that involve real-time streaming, multimedia content delivery, audio/video conferencing, IPTV, online gaming, and content distribution networks (CDNs) often rely on it. This knowledge article explains how to forward multicast traffic on a FortiGate device.
Note: Enabling both Multicast Forwarding and Routing simultaneously on the same device or VDOM is not recommended. In the case of multicast traffic, Multicast Forwarding should be enabled when the FortiGate is operating in NAT mode and the objective is to forward multicast packets between multicast routers and receivers. However, it is not advisable to enable Multicast Forwarding when the FortiGate itself is functioning as a multicast router or participating in a routing protocol that utilizes multicast.
It is assumed that multicast traffic needs to be allowed from Port1 to Port2.
Enabling multicast forwarding
Multicast forwarding is enabled by default on FortiGate devices. Use the multicast-forward setting to enable or disable it.
Enable multicast forwarding from the CLI using the following commands:
config system settings
    set multicast-forward enable
end
Prevent the TTL for forwarded packets from being changed
To preserve TTL values for forwarded multicast packets, use the multicast-ttl-notchange option. Enable it only if packets expire prematurely before reaching the multicast router.
config system settings
    set multicast-ttl-notchange enable
end
Configure multicast policy for source and destination. This multicast policy only applies to the source interface port1 and the destination interface port2.
In the GUI, navigate to Policy & Objects -> Multicast -> Create New, then select the source and destination interfaces and the source and destination IP addresses. Note: If the Multicast tab is not visible, navigate to System -> Config -> Features and enable Multicast policy to display it in the GUI.
config firewall multicast-policy
    edit 1
        set srcintf port1
        set dstintf port2
        set srcaddr all
        set dstaddr all
    next
end
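An added example (not from the original article or from Fortinet): a Python check that reads a FortiGate configuration backup and reports the two conditions this article touches on, multicast forwarding and multicast routing enabled together (see the note above) and a multicast policy whose srcaddr and dstaddr are both all. The `config router multicast` / `multicast-routing` names are FortiOS CLI that this article does not show, the sample configuration is constructed, and a single-VDOM backup without multi-line quoted values is assumed.

```python
# Constructed sample in FortiOS backup syntax (not taken from a real device).
SAMPLE_CONFIG = """\
config system settings
    set multicast-forward enable
end
config router multicast
    set multicast-routing enable
end
config firewall multicast-policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
    next
end
"""

def parse(text):
    """Map (top-level section, edit id or None) -> {key: [values]}."""
    out, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = raw.replace('"', "").split()  # quotes dropped; enough for these keys
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] in ("edit", "next"):
            entry = tok[1] if len(tok) > 1 else None  # "next" closes the entry
        elif depth == 1 and tok[0] == "set" and len(tok) > 2:
            out.setdefault((section, entry), {})[tok[1]] = tok[2:]
    return out

def audit(text):
    cfg = parse(text)
    # The article says forwarding is on by default, so a missing key counts as enabled.
    fwd = cfg.get(("system settings", None), {}).get("multicast-forward", ["enable"])
    rtr = cfg.get(("router multicast", None), {}).get("multicast-routing")
    findings = []
    if fwd == ["enable"] and rtr == ["enable"]:
        findings.append("multicast-forward and multicast-routing both enabled")
    for (section, entry), kv in cfg.items():
        if section == "firewall multicast-policy" and kv.get("srcaddr") == kv.get("dstaddr") == ["all"]:
            findings.append(f"multicast-policy {entry}: srcaddr and dstaddr are 'all'")
    return findings
```

Calling `audit()` on the text of a configuration backup returns a list of findings; an empty list means neither condition was found.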