cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3423
Views
0
Helpful
3
Replies

multicast through Checkpoint FW?

rharland
Level 1
Level 1

We're working on lighting up multicast throughout our network. Getting

MBGP routes correctly from my ISP and things are working well on our

border router and switches. However, we're having some issues getting

mcast through our Checkpoint firewall to our core router. Cisco's

pitched putting a GRE tunnel between our border router and the core

router to circumvent the FW, etc., etc., which just seems so clunky.

Has anyone found an appropriate method to get multicast to function

normally without resorting to GRE methods?

Border router is a 6500 running hybrid mode w/MSFC2 and core router in question is a 4500 w/MSFC3.

thanks for any info!

3 Replies 3

Hello,

what exactly is the issue with CheckPoint and multicast addressing ? Can´t you just add the multicast addresses to the list of allowed networks on your respective interface(s) ?

Regards,

GP

That's what I thought, but my firewall guy's telling me that Checkpoint's line is that the rev of code he's running doesn't 'natively' support multicast, which I find hard to believe. The enforcement modules on the FWs run zebra as a routing entity, and the configuration capability's a bit limited, I guess.

It just strikes me as strange that there should be a problem like this with multicast and Checkpoint FWs, since there have to be hundreds of locations out there that are getting multicast content via provider links.

thanks,

Russ

we had the same issue with our checkpoint firewalls,becasue we are not running any dynmic routing on the firewalls and they are clustered & routers were runing HSRP. we found that the RP was pointing to the virtual IP address of the firewalls, for PIM you need a actual physical interface. we got run this by running tunnels & mroutes on our routers through the checkpoint firewall.