Security

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



SRX - Multicast - PIM - Sparse Dense Mode

  • 1.  SRX - Multicast - PIM - Sparse Dense Mode

    Posted 03-16-2021 05:20
      |   view attached
    Dear Folks ,

    I am facing issue with configuring and testing multicast on SRX - Sparse Dense Mode , diagram attached .

    below the configuration which i did .

    SRX-HQ
    set interfaces ge-0/0/0 unit 0 family inet address 180.50.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.50/24

    set routing-options static route 180.20.1.0/24 next-hop 10.10.10.20

    set protocols pim dense-groups 224.0.1.39/32
    set protocols pim dense-groups 224.0.1.40/32
    set protocols pim rp local address 10.10.10.50
    set protocols pim rp auto-rp mapping
    set protocols pim interface all mode sparse-dense

    set security policies from-zone trust to-zone untrust policy any match source-address any
    set security policies from-zone trust to-zone untrust policy any match destination-address any
    set security policies from-zone trust to-zone untrust policy any match application any
    set security policies from-zone trust to-zone untrust policy any then permit

    set security policies from-zone untrust to-zone trust policy any match source-address any
    set security policies from-zone untrust to-zone trust policy any match destination-address any
    set security policies from-zone untrust to-zone trust policy any match application any
    set security policies from-zone untrust to-zone trust policy any then permit

    set security policies default-policy permit-all

    set security zones security-zone untrust host-inbound-traffic system-services any-service
    set security zones security-zone untrust host-inbound-traffic protocols all
    set security zones security-zone untrust interfaces ge-0/0/1.0

    set security zones security-zone trust host-inbound-traffic system-services any-service
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0

    SRX-REMOTE:

    set interfaces ge-0/0/0 unit 0 family inet address 180.20.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.20/24

    set routing-options static route 0.0.0.0/0 next-hop 10.10.10.50

    set protocols pim dense-groups 224.0.1.39/32
    set protocols pim dense-groups 224.0.1.40/32
    set protocols pim rp auto-rp discovery
    set protocols pim rp static address 10.10.10.50
    set protocols pim interface all mode sparse-dense

    set security policies from-zone trust to-zone untrust policy any match source-address any
    set security policies from-zone trust to-zone untrust policy any match destination-address any
    set security policies from-zone trust to-zone untrust policy any match application any
    set security policies from-zone trust to-zone untrust policy any then permit

    set security policies from-zone untrust to-zone trust policy any match source-address any
    set security policies from-zone untrust to-zone trust policy any match destination-address any
    set security policies from-zone untrust to-zone trust policy any match application any
    set security policies from-zone untrust to-zone trust policy any then permit

    set security zones security-zone untrust host-inbound-traffic system-services any-service
    set security zones security-zone untrust host-inbound-traffic protocols all
    set security zones security-zone untrust interfaces ge-0/0/1.0

    set security zones security-zone trust host-inbound-traffic system-services any-service
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0

    I am trying to test multicast using VNC but it is not working  , would you please to check the configuration and let me know if there is something missing 



    ------------------------------
    Mohammad Rummaneh
    ------------------------------