Print Download Documentation Send Feedback

Previous

Next

Interface - Multicast Restrictions

What can I do here?

Use this window to define multicast access restrictions for the interface. These restrictions specify multicast groups (addresses or address ranges) to allow or block.

Getting Here

Getting Here - Gateways & Servers > Select gateway > Edit > Network Management > Click the Expand button > Select an interface > Edit > Advanced

Per Interface Multicast Restrictions

A multicast enabled router forwards multicast datagrams from one interface to another. When multicast is enabled on a Security Gateway, you can define multicast access restrictions on each interface. These restrictions specify multicast groups (addresses or address ranges) to allow or block.

The enforcement is performed on outgoing multicast datagrams. Anti-spoofing makes sure that the source IP address of the packets entering an interface with multicast datagrams is performed on the multicast group address.

Gateway with per-interface multicast restrictions

When no restrictions for multicast datagrams are defined, multicast datagrams entering the gateway on one interface are allowed out of all others.

As well as defining a per-interface restrictions, a rule must also be defined in the Firewall Rule Base that allows multicast traffic and required services. The Destination of this rule must allow the required multicast groups.

VPN connections

Multicast traffic can be encrypted and sent across VPN links that are defined using multiple VPN tunnel interfaces (virtual interfaces associated with the same physical interface).

Multicast Restriction Options