Thread: Checkpoint and multicast traffics




United States
2008-02-28 11:48:32
 I have a requirement to make multicast work across Checkpoint
 firewalls NGx R65 with HFA_02 SPLAT ASAP.
 
 Scenario:
 
 I have a Windows Media Server on VLAN_A.  VLAN_A is in 
 IP address of 192.168.1.64/28.  Windows media server
 IP address is 192.168.70/28. Windows media server's 
 default gateway is 192.168.1.65.
 
 I have a Cisco router 3845 running IOS 12.4.  This
 Cisco router is in both VLAN_A and VLAN_B.  In VLAN_A,
 the router has an ip address of 192.168.65/28.  In VLAN_B,
 it has an IP address of 192.168.1.4/28.  The router
 has a default gateway of 192.168.1.1.  
 
 I enable multicast PIM dense mode on the router.  Hosts
 on VLAN_B can get multicast audio/video streaming from
 the Windows media server without any issues.
 
 I have a pair of Checkpoint NGx R65 with hfa_02 SPLAT 
 firewalls running in Active/Active mode.  Internal
 network is VLAN_B.  External network is in VLAN_C.  
 Sync connectivity is in VLAN_D, as follows:
 
 fwA =  192.168.1.2/28, 192.168.0.2/24, sync( 10.1.1.1/28)
 fwB =  192.168.1.3/28  192.168.0.3/24  sync (10.1.1.2/28)
 VIP =  192.168.1.1/28  192.168.0.1/24  
 
 
 I have SPLAT PRO on the enforcement modules so PIM is there.
 I have a rule on the firewall to allow EVERYTHING.  In other
 words, it is "Any  Any  Any Accept log".
 
 Hosts on VLAN_C can get to hosts on VLAN_A without any issues.
 The issue is that I can NOT get multicast traffic to go across
 the firewall.  When I am on the router, I see this:
 
 Cisco>sh ip pim nei
 PIM Neighbor Table
 Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
       S - State Refresh Capable
 Neighbor          Interface                Uptime/Expires    Ver   DR
 Address                                                            Prio/Mode
 192.168.1.1      FastEthernet1/0          07:57:10/00:01:35 v2    1 / DR
 Cisco>
 
 On the SPLAT firewall, I see this:
 localhost.localdomain#sh ip pim nei
 PIM Neighbor Table
 Neighbor Address   Interface       Uptime     Expires    Mode
 192.168.1.4        eth1            2d18h      00:01:29   dense
 localhost.localdomain#
 
 Routing is verified as good.  I have connectivity between
 VLAN A, B and C without issue.
 
 What it means is that both the firewall and the router can
 see each other as PIM neighbors but multicast traffic does not work.
 
 Anyone know why?
       