Hello team,

I'm trying to deny a traffic from outside to inside.

I have the multicast source directly connected to the router.

The pc which receives the flow is on a LAN which is reached via inside zone.

I only have two zones, inside and outside.

I can't see the flow in audit trail.

How can I deny multicast traffic from certain sources or to limited destinations?

I don't even know if this should be on the out-to-self or in out-to-in rules, I tried a few configurations but always works.

I haven't configured it to be permitted but the traffic is flowing.

This traffic is crossing the router with no problems.

Trying to do the same at in-to-out direction, I only could deny this traffic by denying pim and igmp traffic between the router with the source and the router with the destination.

What do I need is to deny traffic but only to certain multicast directions.

Is that possible?

 This is the extract from the config:

parameter-map type inspect PM-MY-PM-VALUES
 audit-trail on
 max-incomplete low 800
 one-minute low 300
 udp idle-time 75
 icmp idle-time 90
 dns-timeout 60
 tcp idle-time 90
 tcp finwait-time 5
 tcp synwait-time 3
 tcp max-incomplete host 500 block-time 10
 sessions maximum 200
 log dropped-packets

class-map type inspect match-any CM-OUT2IN
 match protocol icmp
 match protocol sip
 match access-group name ACL-OUT2IN

policy-map type inspect PM-OUT2IN
 class type inspect CM-OUT2IN
  inspect PM-MY-PM-VALUES
 class class-default
  drop log

zone-pair security ZP-OUT2IN source EXTERNAL-ZONE destination INTERNAL-ZONE
 service-policy type inspect PM-OUT2IN

ip access-list extended ACL-OUT2IN
 permit icmp any any