Configuring a Firewall Rule to Allow Multicast Traffic

By default, multicast traffic from Any zone to Any zone is blocked by the firewall. To enable multicast traffic, you must first uncheck Block Multicast Packets in the Firewall > Attack Protection page, and then manually create firewall rules to allow multicast forwarding from a specific zone to other zones. The security appliance predefines a multicast address (IPv4_Multicast) for this purpose.

For example, IGMP Proxy can be active from WAN zone to LAN zone. When you enable IGMP Proxy and want to receive multicast packets from WAN zone to LAN zone, you must uncheck Block Multicast Packets in the Firewall > Attack Protection page, and then create a firewall rule to permit multicast traffic from WAN zone to LAN zone.

This section shows how to create a WAN-to-LAN firewall rule that permits multicast traffic by using the predefined multicast address object.

 1. Click Firewall > Access Control > ACL Rules.

 2. Click Add to add a new firewall rule.

The Rule - Add/Edit window opens.

 3. Enter the following information:

 • Enable: Click On to enable the firewall rule.

 • From Zone: Choose WAN as the source zone of traffic.

 • To Zone: Choose LAN as the destination zone of traffic.

 • Services: Choose ANY for this firewall rule.

 • Source Address: Choose ANY as the source address.

 • Destination Address: Choose the predefined multicast address called “IPv4_Multicast” as the destination address.

 • Schedule: Choose Always On for this firewall rule.

 • Log: Click Off for this firewall rule. We recommend that you disable the Log feature for a multicast firewall rule.

 • Match Action: Choose Permit to allow access.

 4. Click OK to save your settings.

 5. Click Save to apply your settings.
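The following model is an added example, not code from the security appliance or its vendor. It shows why both settings are needed: the Block Multicast Packets option and the ACL rule act as two separate gates, and the rule created above opens only the WAN-to-LAN direction. It assumes that IPv4_Multicast covers 224.0.0.0/4 and that the first matching enabled rule decides; the names AclRule and multicast_verdict are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the predefined IPv4_Multicast object covers the standard
# IPv4 multicast block 224.0.0.0/4; the page does not list its contents.
ADDRESS_OBJECTS = {
    "IPv4_Multicast": ipaddress.ip_network("224.0.0.0/4"),
    "ANY": ipaddress.ip_network("0.0.0.0/0"),
}

@dataclass(frozen=True)
class AclRule:  # hypothetical model of one row in the ACL Rules table
    enabled: bool
    from_zone: str
    to_zone: str
    source: str        # name of an address object
    destination: str   # name of an address object
    action: str        # "Permit" or "Deny"

def multicast_verdict(block_multicast_packets, rules, from_zone, to_zone, src, dst):
    """Return 'Permit' or 'Deny' for one multicast packet crossing zones."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not dst_ip.is_multicast:
        raise ValueError("this model only covers multicast destinations")
    # Gate 1: Firewall > Attack Protection drops multicast while checked.
    if block_multicast_packets:
        return "Deny"
    # Gate 2 (assumed first-match): an enabled rule must match zones and addresses.
    for rule in rules:
        if (rule.enabled
                and rule.from_zone == from_zone and rule.to_zone == to_zone
                and src_ip in ADDRESS_OBJECTS[rule.source]
                and dst_ip in ADDRESS_OBJECTS[rule.destination]):
            return rule.action
    # No rule matched: by default multicast between zones is blocked.
    return "Deny"

# The rule built in steps 1-5 (Services ANY, Schedule Always On, Log Off omitted).
WAN_TO_LAN_MULTICAST = AclRule(True, "WAN", "LAN", "ANY", "IPv4_Multicast", "Permit")

if __name__ == "__main__":
    # Constructed sample packets: (Block Multicast Packets, from, to, src, dst)
    for case in [(True, "WAN", "LAN", "203.0.113.10", "239.1.1.1"),
                 (False, "WAN", "LAN", "203.0.113.10", "239.1.1.1"),
                 (False, "LAN", "WAN", "192.168.75.20", "239.1.1.1")]:
        print(case, "->", multicast_verdict(case[0], [WAN_TO_LAN_MULTICAST], *case[1:]))
```
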