Multicast Support

PIX Firewall allows multicast traffic to be passed through it (in version 6.2 and later). PIX Firewall allows statically configurable multicast routes or the use of an IGMP helper address for forwarding IGMP reports and leave announcements. PIX also allows filtering to be done on the multicast traffic passing through the PIX.

Figure 8-10 shows how the PIX Firewall acting as a proxy agent forwards IGMP report and leave messages to a multicast-enabled router, which updates PIM based on these messages. The result is that the end hosts on the internal network can receive the multicast video traffic from the server on the Internet.

Figure 8-11 shows another scenario in which the multicast server is sitting behind the PIX Firewall. In this case, the PIX Firewall's role is to forward the multicast traffic received from the server sitting behind it to a multicast router. The router then uses PIM-based mechanisms to forward the traffic for distribution to end hosts listening for this traffic.

The following summarizes the PIX Firewall's multicast support:

• Access list filters can be applied to multicast traffic to permit or deny specific protocols and ports.

• NAT and PAT can be performed on the multicast packet source addresses only.

• Multicast data packets with destination addresses in the 224.0.0.0/24 address range are not forwarded. However, everything else in the 224.0.0.0/8 address range is forwarded.

• IGMP packets for address groups within the 224.0.0.0 to 224.0.0.255 range are not forwarded, because these addresses are reserved for protocol use.

• NAT is not performed on IGMP packets. When IGMP forwarding is configured, the PIX Firewall forwards the IGMP packets (report and leave) with the IP address of the helper interface as the source IP address.

Figure 8-10 PIXFirewall Multicast Support: Multicast Clients Behind the PIX

Multicast Routing (Multicast Receivers Behind the PIX)

End Hosts - Multicast Traffic Recipients

Figure 8-11 PIX Firewall Multicast Support: Multimedia Server Behind the PIX

End Hosts - Multicast Traffic Recipients

Figure 8-11 PIX Firewall Multicast Support: Multimedia Server Behind the PIX

Multicast Routing (Multicast Server Behind the PIX)

Video/Multimedia Server
0 0

Post a comment