I have a testbed with a Sophos UTM where there are two networks connected (each on an interface of the UTM).
N1: 192.168.1.0/24 (UTM IP: 192.168.1.1)
N2: 192.168.2.0/24 (UTM IP: 192.168.2.1)
As both networks are known to the UTM, there was no need to define a static route from one network to the other.
Network traffic is working fine between both subnets. (Unicast) packets are forwarded from N1 to N2 and vice versa.
I then added three hosts on one subnet (N2), where one is the sender of multicast packets and the other two are the receivers.
192.168.2.2 is sending multicast packets (using iperf) to the IP address 188.8.131.52.
192.168.2.3 and 192.168.2.4 bind to 184.108.40.206 and are able to receive the packets.
So far, so good.
I've then added a host to N1 (192.168.1.2) which should also receive the multicast packets. Unfortunately, it does not. I do not have a clue why.
I've also followed various documentation pages and howtos (also on the Sophos website), but none of them worked.
I've configured multicast interfaces in the multicast routing section as well as a multicast router (I've tried both IP addresses of the UTM and wanted to use the UTM as multicast router).
I even added routes, as the documentation reads that one needs to add multicast routes if multicast packets should be forwarded between subnets (is that really necessary in this scenario?).
None of my tests allowed me to receive broadcast packets on subnet N1.
Does anyone have a clue as to why? Is there some documentation or howto available that also works for this scenario?
Hi Tom and welcome to the UTM Community!
Please show pictures of the Edits of the relevant configurations.
Cheers - Bob
Thanks for your reply. Here are screenshots of my configuration.
Main page: Two interfaces and one RP router activated
Interfaces: The two configured interfaces of the UTM are also configured as Multicast interfaces
RP Routers: The UTM is configured as RP router
As Multicast Group prefixes, I tried several, including 220.127.116.11/4
If you need additional screenshots or information, please let me know.
I don't know that the UTM can be the RP Router - do you have another device that can? I think you'll also need to add the route, but it's been a while since I played with this.
Does the device need to have network interfaces in all the subnets?
If so, which IP address should I enter for the RP router?
If not, in which subnet should the router be located?
a. in the subnet where the sender is connected?
b. in the other subnet?
Do I need to install a special software in order for the device to become a RP router?
(For your information, I'm using iperf to generate multicast traffic and I'm also using iperf to receive the multicast packets.)
Like I said, Tom, it's been a long time (ibalt). I don't think it needs to be connected to all subnets, but ibalt. I think I used a Windows Server as the RP, but ibalt. I think the sender was in the segment with the WinServer, but ibalt. I look forward to seeing what you wind up with - wish I'd documented it at the time.
Hi BAlfson and all,
thanks for your support, but I'm still not able to get this Multicast Routing done.
I think I'll give up now. It's sad that Sophos does not provide more detailed information on that topic and that there's no chance to get someone from Sophos to have a look into that issue or provide a better description of what to do to have multicast routing up and running.
Probably it would be the best to just remove that option, as now it just confuses people. I guess that most of the people do not understand this option and those who do understand what multicast is, might despair due to the poor documentation.
Sorry to say, but this is one more reason to look for alternatives to the Sophos UTM devices...
The range of addresses between 18.104.22.168 and 22.214.171.124, inclusive, is reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols, such as gateway discovery and group membership reporting. Multicast routers should not forward any multicast datagram with destination addresses in this range, regardless of its TTL.
The above might be the reason why hosts of N1 will not receive multicast from N2