Configure multicast routing
This page provides details about the configuration of multicast routing.
You must turn on multicast forwarding before you can add a multicast route.
To configure multicast routing, do as follows:
-  Configure static multicast routes 
-  Select: option 3 (Route configuration) > option 2 (Configure Multicast Routing) > option 2 (Configure Static-routes) and execute the following command mroute add input-interface port portnumber source-ip sourceipaddress dest-ip destinationipaddress output-interface port portnumberThe parameters and their meanings are shown in the table. Option Description input-interface Interface on which multicast traffic arrives on the firewall. source-ip Unicast IP address of source transmitting multicast traffic. destination-ip Class D IP address (224.0.2.0 to 239.255.255.255). output-interface Interface from which multicast traffic exits the firewall. Examplemroute add input-interface PortA source-ip 1.1.1.1.1 dest-ip 230.1.1.2 output-interface PortBSophos Firewall forwards multicast traffic received on interface PortA from IP address 1.1.1.1 to 230.1.1.2 through interface PortB. If you want to inject multicast traffic to more than one interface, you must add routes for each destination interface. Examplemroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2 output-interface PortB mroute add input-interface PortA source-ip 1.1.1.1 dest-ip 230.1.1.2 output-interface PortC
-  Viewing routes 
-  Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and execute the following command: mroute show
-  Removing routes 
-  Select Option 3 (Route configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and execute the following command: mroute del input-interface source-ipaddress destination-ip output-interfaceExample mroute del eth0 1.1.1.1 230.1.1.1 eth2 Multicast route deleted successfullyNote - Source and destination interfaces can't be the same for multicast routes.
- You can't define multicast destination interfaces. Route manipulation per interface is required to add or delete multicast routes.
- Non-Ethernet interfaces such as IPsec0 aren't supported.
 
-  Multicast routes over IPsec VPN tunnel Sophos Firewall supports secure transport of multicast traffic over untrusted networks using an IPsec VPN connection. You can send and receive unicast and multicast traffic between two or more VPN sites connected to the public internet. This removes multicast-aware routers' dependency on IPsec VPNs to connect two sites. To be able to access a multicast route, a unicast host must be configured as an explicit host (with netmask /32) in the VPN configuration. 
-  Select Option 3 (Route Configuration) > Option 2 (Configure Multicast Routing) > Option 2 (Configure Static-routes) and use the below commands to configure multicast routing over IPsec: Option Description mroute add input-interface Port [portnumber] source-ip [ipaddress] destip [ipaddress] output-interface Port [portnumber]To forward multicast traffic from a given interface to another. Example: mroute add input-interface PortA source-ip192.168.1.2 dest-ip239.0.0.55 outputinterface PortBmroute add input-interface Port [portnumber] source-ip [ipaddress] destip [ipaddress] output-tunnel gre name [gretunnelname]To forward multicast traffic from a specific interface to a specific GRE tunnel. Example: mroute add input-interface PortA source-ip192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Elitecoremroute add input-interface Port [portnumber] source-ip [ipaddress] destip [ipaddress] output-tunnel IPsecTo forward multicast traffic from a specific interface to IPsec tunnels. Sophos Firewall automatically selects the tunnel to use depending upon the local and remote network configurations. Example: mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 outputtunnel IPsecmroute add input-tunnel IPsec name [IPsecconnectionname] sourceip [ipaddress] dest-ip [ipaddress] output-interface Port [portnumber]Forwards multicast traffic from an IPsec connection to a specific interface. Example: mroute add input-tunnel IPsec ~Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortBmroute add input-tunnel IPsec name [IPsecconnectionname] sourceip [ipaddress] dest-ip [ipaddress] output-tunnel IPsecForwards multicast traffic from a specific IPsec tunnel to other IPsec tunnels. Sophos Firewall automatically selects the appropriate tunnel based on the local and remote network configurations. Example: mroute add input-tunnel IPsec name Net2Net source-ip 192.168.1.2 destip 239.0.0.55 output-tunnel IPsecmroute add input-tunnel IPsec name [IPsecconnectionname] port [number] source-ip [ipaddress] dest-ip pipaddress] output-tunnel gre name [gretunnelname]Forwards multicast traffic coming from a specific IPsec tunnel to another specific GRE tunnel Example: mroute add input-tunnel IPsec name Net2Net source-ip 192.168.1.2 destip 239.0.0.55 output-tunnel gre name Elitecoremroute add input-tunnel gre name [gretunnelname] source-ip [ipaddress] dest-ip [ipaddress] output-interface Port [portnumber]Forwards multicast traffic coming from a specific GRE tunnel to a specific interface. Example: mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 destip 239.0.0.55 output-interface PortBmroute add input-tunnel gre name [gretunnelname] source-ip [ipaddress] dest-ip [ipaddress] output-tunnel gre name [gretunnelname]Forwards multicast traffic from a specific GRE tunnel to another specific GRE tunnel. Example: mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 destip 239.0.0.55 output-tunnel gre name Terminal1mroute add input-tunnel gre name [gretunnelname] source-ip [ipaddress] dest-ip [ipaddress] output-tunnel IPsecForwards multicast traffic coming from a specific GRE tunnel to IPsec tunnels. Sophos Firewall automatically selects the appropriate tunnel to be used depending on the local and remote network configurations. Example: mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel IPsecmroute del source-ip [ipaddress] dest-ip [ipaddress]Deletes a multicast route. Example: mroute del source-ip 192.168.1.2 dest-ip 239.0.0.55The CLI only shows static interfaces as input and output interfaces, whereas the web admin console shows static and dynamic interfaces. For example, PPPoE and DHCP.