WMS=Windows Media Server
Fwa=SPLAT NGx R65 w/ hfa_02
FWb=SPLAT NGx R65 w/ hfa_02
SCS=SmartCenter
Ra=Router with PIM sparse-mode enabled
WMS IP: 192.168.2.2/28 default gw is 192.168.2.1
Ra IP: 192.168.2.1/28 Internal
Ra IP: 192.158.1.4/28 External
FWa IP: 192.168.1.2/28 Internal
FWb IP: 192.168.1.3/28 Internal
FW cluster IP: 192.168.1.1 Internal
FWa IP: 192.168.1.201/26 External
FWb IP: 192.168.1.202/26 External
FW Cluster IP: 192.168.1.200
FWa IP: 10.1.1.1/28 sync interface IP
FWb IP: 10.1.1.2/28 sync interface IP
I have a SPLAT PRO license. All routing is in place.
NO NAT, just route. I have a Windows XP machine with an IP
address of 192.168.1.254/26. XP's default gateway
is 192.168.1.200 (FW cluster IP External).
I want to be able to use multicast through the NGx
firewalls. I configured both firewalls to enable
PIM sparse mode. I've also enabled the Cisco router
for PIM sparse mode. When I assign the XP machine
the IP address 192.168.1.5/28, I can use the
browser to open http://192.168.1.2/multicast.htm and I can
see multicast through the router.
I configured the SPLAT firewall with PIM as follows:
[Expert NGx-gw1]# router config
localhost.localdomain>enable
localhost.localdomain#config t
localhost.localdomain(config)#interface eth0
localhost.localdomain(config-if)#ip pim sparse-mode
localhost.localdomain(config-if)#exit
localhost.localdomain(config)#interface eth1
localhost.localdomain(config-if)#ip pim sparse-mode
localhost.localdomain(config-if)#exit
localhost.localdomain(config)#ip pim enable
localhost.localdomain(config)#exit
localhost.localdomain#wr mem
IU0 999 Configuration written to '/etc/gated.ami'
localhost.localdomain#quit
[Expert NGx-gw1]#
When I do "show ip pim neighbor" on the Cisco router,
I can see the router form a PIM neighbor with the cluster
IP 192.168.1.1. However, from my Windows XP machine,
I can NOT do http://192.168.2.2/multicast.htm.
I have a rule on the firewall with "Any Any Any Accept log"
and I have NO multicast restrictions in the interfaces
topology. I also have explicit rules for "any any igmp accept log"
in the security as well. I am at a loss here.
Has anyone done this before, multicast through the firewall?
Please help.
Thanks in advance