Multicast addresses
A specific range of address values is set aside for multicast addressing. All IPv4 multicast addresses should therefore be between 224.0.0.0 and 239.255.255.255.
More information on the concepts behind Multicast addressing can be found in the Multicast Forwarding section.
Multicast IP range
This type of address will allow multicast broadcasts to a specified range of addresses.
Creating a multicast IP range address
- Go to Policy & Objects > Addresses.
- Select Create New.
  - If you use the down arrow next to Create New, select Address.
- Choose the Category, Multicast Address.
- Input a Name for the address object.
- Select the Type, Multicast IP Range, from the drop-down menu.
- Enter the value for the Multicast IP Range.
- Select the Interface from the drop-down menu.
- Enable the Show in Address List function.
- Input any additional information in the Comments field.
- Press
Example: Multicast IP range address
The company has a large high-tech campus with monitors in many of its meeting rooms. It is common practice for important company-wide notifications to be delivered as streaming video, with the CEO of the company addressing everyone at once.
The video is High Definition quality, so it takes up a lot of bandwidth. To minimize the impact on the network, the network administrators have set things up to allow the use of multicasting to the monitors for these notifications. Now the FortiGate firewall has to be set up to allow the traffic.
- The range being used for the multicast is 239.5.5.10 to 239.5.5.200.
- The interface on this FortiGate firewall will be on port 9.
- Go to Policy & Objects > Objects > Addresses and select Create New > Address.
- Fill out the fields with the following information:
Category | Multicast Address |
Name | Meeting_Room_Displays |
Type | Multicast IP Range |
Multicast IP Range | 239.5.5.10-239.5.5.200 |
Interface | port9 |
Show in Address List | <enable> |
Comments | <Input into this field is optional> |
- Select
- Enter the following CLI command:
config firewall multicast-address
    edit "meeting_room_display"
        set type multicastrange
        set associated-interface "port9"
        set start-ip 239.5.5.10
        set end-ip 239.5.5.200
        set visibility enable
    next
end
To verify that the address range was added correctly:
- Go to Policy & Objects > Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.
- Enter the following CLI command:
config firewall multicast-address
    edit <the name of the address that you wish to verify>
        show full-configuration
Broadcast subnet
This type of address will allow multicast broadcast to every node on a subnet.
- Go to Policy & Objects > Addresses.
- Select Create New. A drop down menu is displayed. Select Address.
- In the Category field, choose Multicast Address.
- Input a Name for the address object.
- In the Type field, select Broadcast Subnet from the drop down menu.
- In the Broadcast Subnet field, enter the address and subnet mask according to the format x.x.x.x/x.x.x.x or the short hand format of x.x.x.x/x. (Remember, it needs to be within the appropriate IP range 224.0.0.0 to 239.255.255.255.)
- In the Interface field, leave as the default any or select a specific interface from the drop down menu.
- Select the desired on/off toggle setting for Show in Address List. If the setting is enabled the address will appear in drop down menus where it is an option.
- Input any additional information in the Comments field.
- Press OK.
Example
Field | Value |
Category | Broadcast Subnet |
Name | Corpnet-B |
Type | Broadcast Subnet |
Broadcast Subnet | 224.5.5.0/24 |
Interface | any |
Show in Address List | [on] |
Comments | Corporate Network devices – Broadcast Group B |
Multicast IP addresses
Multicast uses the Class D address space. The 224.0.0.0 to 239.255.255.255 IP address range is reserved for multicast groups. The multicast address range applies to multicast groups, not to the originators of multicast packets. The following table lists the reserved multicast address ranges and describes what they are reserved for:
Reserved Multicast address ranges
Reserved Address Range | Use | Notes |
224.0.0.0 to 224.0.0.255 | Used for network protocols on local networks. For more information, see RFC 1700. | In this range, packets are not forwarded by the router but remain on the local network. They have a Time to Live (TTL) of 1. These addresses are used for communicating routing information. |
224.0.1.0 to 238.255.255.255 | Global addresses used for multicasting data between organizations and across the Internet. For more information, see RFC 1700. | Some of these addresses are reserved, for example, 224.0.1.1 is used for Network Time Protocol (NTP). |
239.0.0.0 to 239.255.255.255 | Limited scope addresses used for local groups and organizations. For more information, see RFC 2365. | Routers are configured with filters to prevent multicasts to these addresses from leaving the local system. |
Creating multicast security policies requires multicast firewall addresses. You can add multicast firewall addresses by going to Firewall Objects > Address > Addresses and selecting Create New > Multicast Address. The factory default configuration includes multicast addresses for Bonjour (224.0.0.251-224.0.0.251), EIGRP (224.0.0.10-224.0.0.100), OSPF (224.0.0.5-224.0.0.60), all_hosts (224.0.0.1-224.0.0.1), and all_routers (224.0.0.2-224.0.0.2).
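A pre-check for multicast address object values, added here as an example (not Fortinet code): it accepts the range and subnet formats described above, rejects anything outside 224.0.0.0 to 239.255.255.255, and reports which reserved ranges from the table the value touches, so an object that reaches into the local-network protocol range is noticed before a policy uses it. The function names and range labels are assumptions of this example.

```python
import ipaddress

# Reserved ranges as listed in the table above; the label text is this example's own.
RESERVED = [
    ("local network", "224.0.0.0", "224.0.0.255"),
    ("global", "224.0.1.0", "238.255.255.255"),
    ("limited scope", "239.0.0.0", "239.255.255.255"),
]
MCAST_FIRST = int(ipaddress.IPv4Address("224.0.0.0"))
MCAST_LAST = int(ipaddress.IPv4Address("239.255.255.255"))


def parse_value(value):
    """Return (first, last) as ints for 'a-b', 'x.x.x.x/n' or 'x.x.x.x/m.m.m.m'."""
    value = value.strip()
    if "-" in value:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
        first, last = int(lo), int(hi)
    else:
        # strict=True rejects a subnet with host bits set, e.g. 224.5.5.1/24
        net = ipaddress.IPv4Network(value, strict=True)
        first, last = int(net.network_address), int(net.broadcast_address)
    if first > last:
        raise ValueError(f"start is above end: {value}")
    return first, last


def check_multicast_value(value):
    """Validate an address object value; return the reserved ranges it touches."""
    first, last = parse_value(value)
    if first < MCAST_FIRST or last > MCAST_LAST:
        raise ValueError(f"{value} is outside 224.0.0.0-239.255.255.255")
    touched = []
    for label, lo, hi in RESERVED:
        lo_i, hi_i = int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))
        if first <= hi_i and last >= lo_i:  # the two intervals overlap
            touched.append(label)
    return touched


if __name__ == "__main__":
    # Values from this page's examples and defaults, plus two constructed
    # values: a /23 that spans two reserved ranges and a unicast subnet.
    for v in ["239.5.5.10-239.5.5.200", "224.5.5.0/24", "224.0.0.5-224.0.0.60",
              "224.0.0.0/255.255.254.0", "192.168.1.0/24"]:
        try:
            print(v, "->", check_multicast_value(v))
        except ValueError as e:
            print(v, "-> rejected:", e)
```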