Configure Multicast Routing

This page provides details about configuration of multicast routing.

Use the steps below to configure multicast routing.

Multicast routes can't be added before enabling multicast forwarding.

Configure static multicast routes

  1. Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and execute the following command:

    console> mroute add input-interface port portnumber source-ip sourceipaddress dest-ip destinationipaddress output-interface port portnumber

    The parameters and their meanings are shown in the table.

    Option              Description
    input-interface     Interface on which multicast traffic is expected to arrive (the interface that leads to the source of the multicast traffic). This is the port through which traffic arrives.
    source-ip           Unicast IP address of the source transmitting multicast traffic.
    dest-ip             Class D IP address (224.0.0.0 to 239.255.255.255).
    output-interface    Interface on which you want to forward the multicast traffic (the interface that leads to the destination of the multicast traffic). This is the port through which traffic exits the XG Firewall.

    Example:

    console> mroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2 output-interface PortB

    Sophos XG Firewall forwards multicast traffic received on interface PortA from IP address 1.1.1.1 to 230.1.1.2 through interface PortB.

    If you want to inject multicast traffic to more than one interface, you have to add routes for each destination interface.

    Example:

    console> mroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2 output-interface PortB
    console> mroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2 output-interface PortC

Viewing routes

  1. Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and execute the following command:

    console> mroute show

Removing routes

  1. Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and execute the following command:

    console> mroute del input-interface source-ipaddress destination-ip output-interface

    Example:

    console> mroute del eth0 1.1.1.1 230.1.1.1 eth2
    Multicast route deleted successfully

    Note
    • Source and destination interfaces can't be the same for multicast routes.
    • Multiple destination interfaces can't be defined in a single route. Route manipulation per interface is required to add or delete multicast routes.
    • Non-Ethernet interfaces such as IPsec0 aren't supported.
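
The following added example (not part of the Sophos documentation or the XG Firewall CLI) lints planned mroute add commands against the rules stated above before they are typed into the console: Class D destination, unicast source, distinct input and output interfaces, and no IPsec0-style interface names. It covers only the interface-to-interface form; the function names and the name-prefix test for non-Ethernet interfaces are assumptions made for this sketch.

```python
import ipaddress
import shlex

# Keywords of the interface-to-interface form shown on this page, in order.
KEYS = ("input-interface", "source-ip", "dest-ip", "output-interface")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # Class D, 224.0.0.0 to 239.255.255.255


def parse_mroute_add(line):
    """Parse 'mroute add ...' into a dict; raise ValueError on malformed syntax."""
    tokens = shlex.split(line.replace("console>", "", 1))
    if tokens[:2] != ["mroute", "add"]:
        raise ValueError("not an 'mroute add' command")
    args = tokens[2:]
    if len(args) != 2 * len(KEYS) or tuple(args[0::2]) != KEYS:
        raise ValueError("expected keywords in order: " + " ".join(KEYS))
    return dict(zip(args[0::2], args[1::2]))


def lint_mroute_add(line):
    """Return a list of problems; an empty list means the route passes the checks."""
    try:
        route = parse_mroute_add(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for key in ("source-ip", "dest-ip"):
        try:
            route[key] = ipaddress.IPv4Address(route[key])
        except ipaddress.AddressValueError:
            problems.append(f"{key} is not a valid IPv4 address: {route[key]}")
            route[key] = None
    if route["source-ip"] is not None and route["source-ip"] in MULTICAST:
        problems.append("source-ip must be a unicast address")
    if route["dest-ip"] is not None and route["dest-ip"] not in MULTICAST:
        problems.append("dest-ip must be in 224.0.0.0 to 239.255.255.255")
    if route["input-interface"].lower() == route["output-interface"].lower():
        problems.append("input and output interfaces can't be the same")
    for key in ("input-interface", "output-interface"):
        # Assumption: non-Ethernet interfaces are recognised by an "ipsec" name prefix.
        if route[key].lower().startswith("ipsec"):
            problems.append(f"{key} {route[key]}: non-Ethernet interfaces aren't supported")
    return problems


if __name__ == "__main__":
    # Constructed sample commands: one valid, one with the same port on both sides.
    base = "console> mroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2"
    for cmd in (base + " output-interface PortB", base + " output-interface PortA"):
        print(cmd, "->", lint_mroute_add(cmd) or "OK")
```
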

Multicast routes over IPsec VPN tunnel

Sophos XG Firewall supports secure transport of multicast traffic over untrusted networks using an IPsec VPN connection.

It is possible to send and receive both unicast and multicast traffic between two or more VPN sites connected through the public internet. This removes the dependency on multicast-aware routers between the sites connecting via IPsec VPN.

Any unicast host that needs to access multicast traffic must be configured as an explicit host (with netmask /32) in the VPN configuration.

  1. Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and use the following commands to configure multicast routing over IPsec:

    Option and description

    mroute add input-interface Port portnumber source-ip ipaddress dest-ip ipaddress output-interface Port portnumber

    Forwards multicast traffic coming from a given interface to another interface.

    Example:

    console> mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

    mroute add input-interface Port portnumber source-ip ipaddress dest-ip ipaddress output-tunnel gre name gretunnelname

    Forwards multicast traffic coming from a specific interface to a specific GRE tunnel.

    Example:

    console> mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Elitecore

    mroute add input-interface Port portnumber source-ip ipaddress dest-ip ipaddress output-tunnel IPsec

    Forwards multicast traffic coming from a specific interface to IPsec tunnels. Sophos XG Firewall automatically selects the appropriate tunnel to be used depending on the local and remote network configurations.

    Example:

    console> mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel IPsec

    mroute add input-tunnel IPsec name IPsecconnectionname source-ip ipaddress dest-ip ipaddress output-interface Port portnumber

    Forwards multicast traffic coming from an IPsec connection to a specific interface.

    Example:

    console> mroute add input-tunnel IPsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

    mroute add input-tunnel IPsec name IPsecconnectionname source-ip ipaddress dest-ip ipaddress output-tunnel IPsec

    Forwards multicast traffic coming from a specific IPsec tunnel to other IPsec tunnels. Sophos XG Firewall automatically selects the appropriate tunnel to be used based on the local and remote network configurations.

    Example:

    console> mroute add input-tunnel IPsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel IPsec

    mroute add input-tunnel IPsec name IPsecconnectionname source-ip ipaddress dest-ip ipaddress output-tunnel gre name gretunnelname

    Forwards multicast traffic coming from a specific IPsec tunnel to another specific GRE tunnel.

    Example:

    console> mroute add input-tunnel IPsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Elitecore

    mroute add input-tunnel gre name gretunnelname source-ip ipaddress dest-ip ipaddress output-interface Port portnumber

    Forwards multicast traffic coming from a specific GRE tunnel to a specific interface.

    Example:

    console> mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

    mroute add input-tunnel gre name gretunnelname source-ip ipaddress dest-ip ipaddress output-tunnel gre name gretunnelname

    Forwards multicast traffic from a specific GRE tunnel to another specific GRE tunnel.

    Example:

    console> mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Terminal1

    mroute add input-tunnel gre name gretunnelname source-ip ipaddress dest-ip ipaddress output-tunnel IPsec

    Forwards multicast traffic coming from a specific GRE tunnel to IPsec tunnels. Sophos XG Firewall automatically selects the appropriate tunnel to be used depending on the local and remote network configurations.

    Example:

    console> mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel IPsec

    mroute del source-ip ipaddress dest-ip ipaddress

    Deletes a multicast route.

    Example:

    console> mroute del source-ip 192.168.1.2 dest-ip 239.0.0.55

    Note
    The CLI only shows static interfaces as input and output interfaces, whereas the web admin console shows both static and dynamic interfaces (PPPoE, DHCP, etc.).