
How to enable/configure multicast?

Hi,

I have the following setup:

  • Sophos XG 85 Firewall (Wifi)
  • DMZ Zone (VLAN 2 on Port 1)(10.0.1.0/24)
  • Wifi Zone (10.0.2.0/24)

I have the following devices:

  • Raspberry Pi as Home Assistant Host (Smart Home) in the DMZ zone
  • Xiaomi Smart Home Gateway in the WIFI zone (To talk to some humidity and temperature sensors)

The Problem:

The Raspberry Pi and the Xiaomi Device need to be able to talk to each other via multicast. I have looked at a packet capture and the Xiaomi Gateway is sending heartbeats like this: Destination 224.0.0.50, Protocol UDP

What changes to the firewall do I need to make? I already tried Multicast Forwarding to no avail. Since I never had to work with multicast I am a little bit lost.

Thank you in advance.

Chris



This thread was automatically locked due to age.
  • Hi Realnix,

    Did you refer to Sophos XG Firewall: How to configure Multicast Routing?

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

    • Hi,

      I did that. It didn't help. I set the Xiaomi device as the source. But I've noticed that in the packet capture it says:

      Destination 224.0.0.50, Type UDP, Ports 4321,9898 Rule 0, Status Violation, Reason Local_ACL.

      Now my question: Do I need to create an additional firewall rule?

      Thanks

      • Yes, you require a FW-Rule to communicate between the two zones. Let us know if creating a rule resolves the issue. If you still see a violation, enable remote support and DM me the access code so I can verify the configuration.

        Thanks,

        Sachin Gurung
        Team Lead | Sophos Technical Support

        • Ah okay. What is it supposed to look like? Right now I have the following:

          Source: WIFI, xiaomi

          Destination: Any zone, Multicast (224.0.0.50)

          What: Any service

          But that didn't work. Still shows the Violation Local_ACL.

          Thanks

          • Refer to the article here and PM me the access code to check the configuration. I assure you that no changes will be made without your permission.

            Thanks,

            Sachin Gurung
            Team Lead | Sophos Technical Support

        • I did a bit of investigation and, in regard to RFC-5571, the multicast IP concerned, 224.0.0.50, is part of the reserved 224.0.0.0/24 Local Network Control Block, which cannot be routed. This requires adding 224.0.0.50 to PIM-SM. You can try configuring PIM-SM by referring to Sophos XG Firewall: How to configure PIM-SM routing. Let us know if that helps.

          Thanks,

          Sachin Gurung
          Team Lead | Sophos Technical Support

          • If I'm understanding this thread correctly, are you saying 'Multicast Forwarding' cannot be used to forward 224.0.0.* across VLANs?

             

            When I try to set up PIM-SM and enter 224.0.0.251 (for MDNS) into the Multicast Group List, I get the following error:

            "Invalid multicast group list IP as '224.0.0.251' is a part of reserved multicast address list used for different routing protocols"

            ---

            Sophos XG guides for home users: https://shred086.wordpress.com/
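
Added example, not part of any post in this thread and not Sophos code: a small triage script that parses a drop line in the format quoted above and reports whether the destination group sits in the 224.0.0.0/24 Local Network Control Block, which covers both 224.0.0.50 and 224.0.0.251. The function names, the block table and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# IANA IPv4 multicast blocks that matter for a forwarding decision.
# The third field says whether a multicast router may forward the group.
BLOCKS = [
    (ipaddress.ip_network("224.0.0.0/24"), "local-network-control", False),
    (ipaddress.ip_network("224.0.1.0/24"), "internetwork-control", True),
    (ipaddress.ip_network("232.0.0.0/8"), "source-specific", True),
    (ipaddress.ip_network("239.0.0.0/8"), "administratively-scoped", True),
]

# Matches the packet-capture line format quoted in the thread.
DROP_RE = re.compile(
    r"Destination ([\d.]+), Type (\w+), Ports ([\d,]+) Rule (\d+), "
    r"Status (\w+), Reason (\w+)"
)

def classify(group):
    """Return (block_name, forwardable) for an IPv4 address string."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        return ("not-multicast", None)
    for net, name, forwardable in BLOCKS:
        if addr in net:
            return (name, forwardable)
    return ("other-multicast", True)

def triage(line):
    """Parse one drop line; return a dict, or None if it does not match."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    dst, proto, ports, rule, status, reason = m.groups()
    block, forwardable = classify(dst)
    return {"dst": dst, "proto": proto, "rule": int(rule), "status": status,
            "ports": [int(p) for p in ports.split(",")], "reason": reason,
            "block": block, "forwardable": forwardable}

SAMPLE = [  # first line is from the thread; the other two are constructed
    "Destination 224.0.0.50, Type UDP, Ports 4321,9898 Rule 0, Status Violation, Reason Local_ACL.",
    "Destination 224.0.0.251, Type UDP, Ports 5353 Rule 0, Status Violation, Reason Local_ACL.",
    "Destination 239.255.255.250, Type UDP, Ports 1900 Rule 0, Status Violation, Reason Local_ACL.",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        r = triage(entry)
        scope = "link-local, not forwarded" if r["forwardable"] is False else "forwardable"
        print(f'{r["dst"]:<16} {r["block"]:<24} {scope}')
```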