Saturday, December 10, 2011

Checkpoint and Multicast Traffic

In order to allow multicast traffic by the gateway, you need to follow sk35996, In addition you also need to create an allow rule with the service “pim”.

Regarding sk31190 Secure platform pro needs to be enabled if you would like the gateway to participate in the multicasting traffic.

If you just want to let that traffic pass through the gateway and the gateway does not need to perform any dynamic routing decisions then there is no need to enable Splat Pro.

Some tips,
# tcpdump ip multicast  will show you multicast packets..

to enable Secure Platform Router Config mode type “pro enable”
This will need a license of “Advanced Routing Blade”
Lets enable multicast routing with sparse mode

[Expert@NGx-gw1]# router config
localhost.localdomain>enable
localhost.localdomain#config t
localhost.localdomain(config)#interface eth0
localhost.localdomain(config-if)#ip pim sparse-mode
localhost.localdomain(config-if)#exit
localhost.localdomain(config)#interface eth1
localhost.localdomain(config-if)#ip pim sparse-mode
localhost.localdomain(config-if)#exit
localhost.localdomain(config)#ip pim enable
localhost.localdomain(config)#exit
localhost.localdomain#wr mem