Define IGMP-based multicast forwarding
You can configure IGMP-based multicast forwarding for a specified Firewall element.
IGMP-based multicast forwarding (IGMP proxying) is implemented on the Firewall based on RFC 4605. IGMP-based multicast forwarding is only supported in tree topology networks. RFC 4605 includes support for source-specific multicast (SSM) with IGMP version 3. SSM is not supported with IGMP-based multicast forwarding. However, you can configure Access rules that filter multicast traffic based on the source.
The firewall maintains a membership database of the subscriptions from the downstream networks and sends unsolicited reports or leaves on the upstream interface when the subscription database changes. It also sends IGMP membership reports when queried on the upstream interface.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor > Routing > Multicast Routing
Use this branch to define static multicast, IGMP-based multicast forwarding, or PIM dynamic routing. Only IPv4 addresses are supported.
Option | Definition |
---|---|
Multicast Routing Mode | Specifies how the NGFW Engine routes multicast traffic.
|
Option | Definition |
---|---|
When Multicast Routing Mode is Static Click Add to add a row to the table, or Remove to remove the selected row. |
|
Source Interface | Select the interface to use for multicast routing. |
Source IP Address | Enter the unicast IP address of the multicast source. |
Destination IP Address | Enter the multicast destination IP address. The destination address must be within the multicast range of 224.0.0.0 to 239.255.255.255. |
Destination Interface | Right-click Destination Interface, then select Edit Destination Interface to select the interfaces where you want this multicast traffic forwarded. |
Comment (Optional) |
A comment for your own reference. |
Option | Definition |
---|---|
When Multicast Routing Mode is IGMP Proxy | |
Upstream Interface | Select the interface to use as the upstream interface. If the multicast servers and the hosts are in the local networks, or if you want to limit the multicast to the local networks, it is not necessary to define the upstream interface. In that case, leave Not Set selected. |
Upstream IGMP Version | Select the IGMP version according to the upstream network environment. The default IGMP version is version 3. |
Downstream Interfaces table Click Add to add a row to the table, or Remove to remove the selected row. |
|
Interface | Select the downstream interfaces. |
IGMP Querier Settings | Select an IGMP Querier Settings element according to the downstream network environment. The element defines the IGMP version and query parameters. |
Option | Definition |
---|---|
When Multicast Routing Mode is PIM | |
PIM Profile | Select a PIM Profile to use. The profile contains the multicast groups and determines the PIM mode that is used. |
Multicast Routing Preference | Note: This option is not supported in this version of Forcepoint NGFW.
The routing table is used to specify reverse path forwarding (RPF) information whenever multicast traffic from source addresses uses a different path than
unicast traffic from the same source address.
|
Bootstrap Settings — see RFC 5059 for more information. | |
RP Candidate | If you want to use the firewall as a rendezvous point (RP) candidate, select an IP address. Otherwise, select Not a Candidate. |
RP Priority | Enter a value for the RP priority. |
Multicast Groups | Add the multicast IPv4 networks for which the firewall acts as an RP candidate. Click Add to add a row to the table, or Remove to remove the selected row. |
BSR Candidate | If you want to use the firewall as a bootstrap router (BSR) candidate, select an IP address. Otherwise, select Not a Candidate. |
BSR Priority | Enter a value for the BSR priority. |
IGMP Querier Settings dialog box
Use this dialog box to create an IGMP Querier Settings element.
Option | Definition |
---|---|
Name | The name of the element. |
IGMP Version | Select the version of IGMP to use. |
Query Interval | Enter how often the hello packet is sent in seconds. This option is not supported when IGMP Version is IGMPv1. |
Robustness | Enter the robustness value. If you expect packet loss in the network, increase this value to send more IGMP messages. This option is not supported when IGMP Version is IGMPv1 or when the IGMP Querier Settings element is used for PIM. |
Comment (Optional) |
A comment for your own reference. |
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |