
Multicast forwarding on UTM

Hi there,

 

I have a testbed with a Sophos UTM where there are two networks connected (each on an interface of the UTM).

N1: 192.168.1.0/24 (UTM IP: 192.168.1.1)
N2: 192.168.2.0/24 (UTM IP: 192.168.2.1)

As both networks are known to the UTM, there was no need to define a static route from one network to the other.

Network traffic is working fine between both subnets. (Unicast) packets are forwarded from N1 to N2 and vice versa.

 

I then added three hosts on one subnet (N2), where one is the sender of multicast packets and the other two are the receivers.

192.168.2.2 is sending multicast packets (using iperf) to the IP address 224.0.0.100.
192.168.2.3 and 192.168.2.4 bind to 224.0.0.100 and are able to receive the packets.

So far, so good.

I've then added a host to N1 (192.168.1.2) which should also receive the multicast packets.
Unfortunately, it does not. I do not have a clue why.
I've also followed various documentation pages and howtos (also on the Sophos website), but none of them worked.
I've configured multicast interfaces in the multicast routing section as well as a multicast router (I've tried both IP addresses of the UTM and wanted to use the UTM as multicast router).
I even added routes, as the documentation reads that one needs to add multicast routes if multicast packets should be forwarded between subnets (is that really necessary in this scenario?).

 

None of my tests allowed me to receive broadcast packets on subnet N1.

Does anyone have a clue as to why?
Is there some documentation or howto available that also works for this scenario?

Best regards,
Tom



This thread was automatically locked due to age.
  • Hi Tom and welcome to the UTM Community!

    Please show pictures of the Edits of the relevant configurations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    thanks for your reply.
    Here are screenshots of my configuration.

     

    Main page: Two interfaces and one RP router activated

    Interfaces
    The two configured interfaces of the UTM are also configured as Multicast interfaces

    RP Routers
    The UTM is configured as RP router

    As Multicast Group prefixes, I tried several, including 224.0.0.0/4

     

    If you need additional screenshots or information, please let me know.

     

    Best regards,

    Tom

  • I don't know that the UTM can be the RP Router - do you have another device that can? I think you'll also need to add the route, but it's been a while since I played with this.

    Cheers - Bob

     
  • Does the device need to have network interfaces in all the subnets?

    If so, which IP address should I enter for the RP router?

    If not, in which subnet should the router be located?

    a. in the subnet where the sender is connected?

    b. in the other subnet?

     

    Do I need to install special software in order for the device to become an RP router?

    (For your information, I'm using iperf to generate multicast traffic and I'm also using iperf to receive the multicast packets.)

     

    Best regards,

    Tom

  • Like I said, Tom, it's been a long time (ibalt).  I don't think it needs to be connected to all subnets, but ibalt.  I think I used a Windows Server as the RP, but ibalt.  I think the sender was in the segment with the WinServer, but ibalt.  I look forward to seeing what you wind up with - wish I'd documented it at the time.

    Cheers - Bob

     
  • Hi BAlfson and all,

     

    thanks for your support, but I'm still not able to get this Multicast Routing done.

    I think I'll give up now. It's sad that Sophos does not provide more detailed information on that topic and that there's no chance to get someone from Sophos to have a look into that issue or provide a better description of what to do to have multicast routing up and running.

     

    Probably it would be the best to just remove that option, as now it just confuses people. I guess that most of the people do not understand this option and those who do understand what multicast is, might despair due to the poor documentation.

     

    Sorry to say, but this is one more reason to look for alternatives to the Sophos UTM devices...

     

    Best regards,

    Thomas

  • https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

     

    The range of addresses between 224.0.0.0 and 224.0.0.255, inclusive,
    is reserved for the use of routing protocols and other low-level
    topology discovery or maintenance protocols, such as gateway discovery
    and group membership reporting. Multicast routers should not forward
    any multicast datagram with destination addresses in this range,
    regardless of its TTL.

     

    The above might be the reason why hosts of N1 will not receive multicast from N2
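
An added example, not part of the thread or any poster's code: a Python pre-flight check for a multicast test flow that flags the reserved 224.0.0.0/24 range quoted above, plus sockets to reproduce the test without iperf. The TTL check goes beyond the quoted text (multicast sockets default to TTL 1, which also stops at the first router); the group 239.1.1.1 and TTL 8 are constructed sample values.

```python
import ipaddress
import socket

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
# Local Network Control Block: multicast routers must not forward these groups.
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")


def forwarding_blockers(group: str, ttl: int) -> list[str]:
    """Return the reasons a multicast router will not forward this flow."""
    addr = ipaddress.ip_address(group)
    reasons = []
    if addr not in MULTICAST:
        reasons.append(f"{group} is not an IPv4 multicast address")
    elif addr in LINK_LOCAL:
        reasons.append(f"{group} is in 224.0.0.0/24, never forwarded off-link")
    if ttl <= 1:
        reasons.append(f"TTL {ttl} expires at the first router")
    return reasons


def open_sender(ttl: int) -> socket.socket:
    """UDP socket whose multicast datagrams leave with the given TTL."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    return sock


def open_receiver(group: str, port: int, local_ip: str = "0.0.0.0") -> socket.socket:
    """Bind to the port and join the group, which triggers an IGMP report."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    mreq = socket.inet_aton(group) + socket.inet_aton(local_ip)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    return sock


if __name__ == "__main__":
    # Group from the original post with the default TTL, then constructed values.
    for group, ttl in [("224.0.0.100", 1), ("239.1.1.1", 8)]:
        problems = forwarding_blockers(group, ttl)
        print(group, "ttl", ttl, "->", problems or "eligible for routing")
```
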

  • Did you get this to work? I tried a while back, but I too failed miserably. I have an app on my iPhone that uses multicasts to find my Denon amp which is now on another subnet. It would have been handy today if it had worked, so I tried again - here's what I did:

    • Interfaces & Routing / Multicast Routing (PIM-SM) / Global - It showed me one interface and one router. 
    • Interfaces tab - add a second interface, on the interface I wanted to send the multicasts to
    • Global tab - flick the switch

    That's it - app found the amp at the first attempt. 9.702-1.

    Edit - I just checked all of the release notes as far back as the date of the original post, and there's no mention of any fixes. Works for me though, might be worth another try if you've not done so. 

  • Unfortunately, I did not get this up and running.

    I've given up trying, as there is no support from Sophos at all on this topic and our partners do not know about this feature as well.

    They even suggested that we make workarounds...

     

    Sorry for the bad news, but Sophos is not performing well when it comes to customer support here...

     

    Best regards

    Tom

  • Hallo Tom,

    Did you try Le's suggestion above?  I only set this up to play with it and have disabled it.  Here's the setting I have that used the Windows Server.  It's been a long time, but I don't think I changed anything.

    Cheers - Bob

     