Chapter 1 What’s New for FortiOS 5.0 : Firewall : Multicast Policies
  
Multicast Policies
A number of popular services use multicast protocols. Examples include the Bonjour service used for finding devices on a network, EIGRP and OSPF. To make it easier to allow multicast traffic through the FortiGate unit, you can now add multicast policies from the web‑based manager by going to Policy > Policy > Multicast Policy and selecting Create New.
Similar to a regular security policy, you configure a multicast policy by selecting incoming and outgoing interfaces, source and destination addresses, enabling NAT, and selecting an action.
Figure 73: Adding a multicast policy
Specific to multicast policies, you can also specify a destination NAT (DNAT) address and select a multicast protocol (options include ANY, ICMP, IGMP, TCP, UDP, OSPF and other). You cannot add or edit these protocols but, if you select Other, you can add a protocol number.
The destination address of a multicast policy must be a multicast address firewall object. Multicast addresses are added by going to Firewall Objects > Address > Addresses and selecting Create New > Multicast Address. The FortiGate default configuration includes some commonly used multicast addresses. Figure 74 shows the configuration of the default Bonjour multicast address.
Figure 74: Default Bonjour multicast firewall address