Multicast Policies
A number of popular services use multicast protocols. Examples include the Bonjour service used for finding devices on a network, EIGRP and OSPF. To make it easier to allow multicast traffic through the FortiGate unit, you can now add multicast policies from the web‑based manager by going to Policy > Policy > Multicast Policy and selecting Create New.
Similar to a regular security policy, you configure a multicast policy by selecting incoming and outgoing interfaces, source and destination addresses, enabling NAT, and selecting an action.
Specific to multicast policies, you can also specify a destination NAT (DNAT) address and select a multicast protocol (options include ANY, ICMP, IGMP, TCP, UDP, OSPF and Other). You cannot add or edit these protocols but, if you select Other, you can add a protocol number.
The destination address of a multicast policy must be a multicast address firewall object. Multicast addresses are added by going to Firewall Objects > Address > Addresses and selecting Create New > Multicast Address. The FortiGate default configuration includes some commonly used multicast addresses.
Figure 74 shows the configuration of the default Bonjour multicast address.
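The following Python example is added here and is not Fortinet code or part of the original documentation. It reviews multicast policy definitions against the two rules above: the destination must be a multicast address, and the protocol should be the one the service uses rather than ANY. The record format, the max_groups threshold and the sample policies are assumptions constructed for illustration.

```python
import ipaddress

# Protocol choices listed for a multicast policy, mapped to IANA IP protocol
# numbers. ANY has no number; "Other" carries its own (EIGRP is protocol 88).
PROTOCOLS = {"ANY": None, "ICMP": 1, "IGMP": 2, "TCP": 6, "UDP": 17, "OSPF": 89}
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # IPv4 multicast range

def review_policy(policy, max_groups=16):
    """Return findings for one policy record (hypothetical dict format)."""
    findings = []
    start = ipaddress.ip_address(policy["dst_start"])
    end = ipaddress.ip_address(policy["dst_end"])
    if start not in MULTICAST or end not in MULTICAST:
        findings.append("destination is not a multicast address")
    elif start > end:
        findings.append("destination range is reversed")
    elif int(end) - int(start) + 1 > max_groups:  # assumed review threshold
        findings.append("destination range is broader than expected")
    proto = policy["protocol"]
    if proto == "Other":
        number = policy.get("protocol_number")
        if not isinstance(number, int) or not 0 <= number <= 255:
            findings.append("Other needs a protocol number in 0-255")
    elif proto not in PROTOCOLS:
        findings.append("unknown protocol choice")
    elif proto == "ANY" and policy["action"] == "accept":
        findings.append("accepts ANY protocol")
    return findings

# Constructed sample policies, not taken from a real device.
SAMPLES = {
    "bonjour": {"dst_start": "224.0.0.251", "dst_end": "224.0.0.251",
                "protocol": "UDP", "action": "accept"},
    "ospf": {"dst_start": "224.0.0.5", "dst_end": "224.0.0.6",
             "protocol": "OSPF", "action": "accept"},
    "eigrp": {"dst_start": "224.0.0.10", "dst_end": "224.0.0.10",
              "protocol": "Other", "protocol_number": 88, "action": "accept"},
    "wide-open": {"dst_start": "224.0.0.0", "dst_end": "239.255.255.255",
                  "protocol": "ANY", "action": "accept"},
    "unicast-typo": {"dst_start": "192.168.1.251", "dst_end": "192.168.1.251",
                     "protocol": "UDP", "action": "accept"},
}

def review_all(policies=SAMPLES):
    return {name: review_policy(p) for name, p in policies.items()}

if __name__ == "__main__":
    for name, findings in review_all().items():
        print(f"{name}: {'; '.join(findings) or 'ok'}")
```

EIGRP is not among the listed protocol choices, so the sample policy for it uses Other with protocol number 88.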