firewall : multicast-policy
 
multicast-policy
Use this command to configure a source NAT IP. This command can also be used in Transparent mode to enable multicast forwarding by adding a multicast policy.
The matched forwarded (outgoing) IP multicast source IP address is translated to the configured IP address. For additional options related to multicast, see multicast-forward {enable | disable} in system settings and tp-mc-skip-policy {enable | disable} in system global.
Syntax
config firewall multicast-policy
edit <index_int>
set action {accept | deny}
set auto-asic-offload {enable | disable}
set dnat <address_ipv4>
set dstaddr <addr_name_list>
set dstintf <name_str>
set logtraffic {enable | disable}
set snat {enable | disable}
set snat-ip <address_ipv4>
set srcaddr <addr_name_list>
set srcintf <name_str>
set status {enable | disable}
set protocol <multicastlimit_int>
set start-port <port_int>
set end-port <port_int>
end
Variable
Description
Default
<index_int>
Enter the unique ID number of this multicast policy.
No default.
action {accept | deny}
Enter the policy action.
accept
auto-asic-offload {enable | disable}
Enable or disable session offloading to SP processors.
Only available in NAT/Route operation mode.
enable
dnat <address_ipv4>
Enter an IP address to destination network address translate (DNAT) externally received multicast destination addresses to addresses that conform to your organization's internal addressing policy.
0.0.0.0
dstaddr <addr_name_list>
Enter the names of multicast destination addresses for this policy. Separate address names with spaces. These addresses are defined in firewall multicast-address.
No default.
dstintf <name_str>
Enter the destination interface name to match against multicast NAT packets.
No default.
logtraffic
{enable | disable}
Enable or disable recording traffic log messages for this policy.
disable
snat {enable | disable}
Enable substitution of outgoing interface IP address for the original source IP address.
disable
snat-ip <address_ipv4>
Enter an IP address to use as the NAT source address. snat must be enabled.
0.0.0.0
srcaddr <addr_name_list>
Enter the names of source IP addresses for this policy. Separate address names with spaces. These addresses are defined in firewall address, address6.
No default.
srcintf <name_str>
Enter the source interface name to match against multicast NAT packets.
No default.
status {enable | disable}
Enable or disable this policy.
enable
protocol <multicastlimit_int>
Limit the number of protocols (services) sent out via multicast using the FortiGate unit.
0
start-port <port_int>
The beginning of the port range used for multicast. Availability of this field depends on protocol.
No default.
end-port <port_int>
The end of the port range used for multicast. Availability of this field depends on protocol.
65535