| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] IP Multicasting Thru FW-1 using MS Media Server
- To: [email protected]
- Subject: Re: [FW-1] IP Multicasting Thru FW-1 using MS Media Server
- From: "James O'Shea" <[email protected]>
- Date: Tue, 1 Jul 2003 09:36:35 -0400
- In-reply-to: <F483FBEE45D09F49903D169A6EF1F@PSBMAIL1> from "Rene, Phil - BLS" at Jun 30, 2003 02:30:57 PM
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
I would offer a few things
1) how do the routers/switches on either side of the firewall know to
pass multicast to/through the firewall? You either have statics(?) or
you can run MRouteD on the firewall (supports DVMRP). It also sounds
like perhaps the transit segments on both sides of the firewall are
not multicast-enabled - is it the switch that is unicasting up against
the firewall? That's not a firewall-1 problem.
2) the firewall rule should look like mcastaddress source ->
mcastaddress DST on this particular mcast group's UDP port ACCEPT
where 'mcastaddress source' and 'dst' are the same (224.x.y.z)
3) some multicast addresses are themselves 'broadcast' addresses
within the multicast block - if you pick a bad multicast group for
your app, you should see the broadcast on *any* and *all* switches
that are joined to that group.
-james
> We have been trying to set up the FW-1's protecting various subnets from our
> production back bone network to support IP Multicast...the MS Media Saerver
> and Vbrick units are on the production backbone and IP Multicast to all
> subnets (without FW-1 firewalls) and subnet switches fine....However when
> the IP multicast hits those subnets protected by the FW-1's...on the
> protected side of the firewall...the protocol changes to unicast and
> broadcast to all ports on the switch....we are using cisco switces and have
> enabled multicast options and protocols on them...we know that the
> work...the problem seems to be the FW-1 not enabling Multicast thru from the
> production backbone to the FW-1 protected subnets can any one assist with a
> solution...I am sure that we are not the only ones with this problem...Best
> Regards...Phil
>
>
> Phillip Rene
> Bureau of Labor Statistics
> 2 Mass Ave
> Washington DC 20212
>> [email protected]
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
