Security

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.

SRX - Multicast - PIM - Sparse Dense Mode

    Posted 03-16-2021 05:20
    Dear Folks,

    I am facing an issue with configuring and testing multicast on SRX in sparse-dense mode; diagram attached.

    Below is the configuration which I did.

    SRX-HQ:
    set interfaces ge-0/0/0 unit 0 family inet address 180.50.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.50/24

    set routing-options static route 180.20.1.0/24 next-hop 10.10.10.20

    set protocols pim dense-groups 224.0.1.39/32
    set protocols pim dense-groups 224.0.1.40/32
    set protocols pim rp local address 10.10.10.50
    set protocols pim rp auto-rp mapping
    set protocols pim interface all mode sparse-dense

    set security policies from-zone trust to-zone untrust policy any match source-address any
    set security policies from-zone trust to-zone untrust policy any match destination-address any
    set security policies from-zone trust to-zone untrust policy any match application any
    set security policies from-zone trust to-zone untrust policy any then permit

    set security policies from-zone untrust to-zone trust policy any match source-address any
    set security policies from-zone untrust to-zone trust policy any match destination-address any
    set security policies from-zone untrust to-zone trust policy any match application any
    set security policies from-zone untrust to-zone trust policy any then permit

    set security policies default-policy permit-all

    set security zones security-zone untrust host-inbound-traffic system-services any-service
    set security zones security-zone untrust host-inbound-traffic protocols all
    set security zones security-zone untrust interfaces ge-0/0/1.0

    set security zones security-zone trust host-inbound-traffic system-services any-service
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0

    SRX-REMOTE:

    set interfaces ge-0/0/0 unit 0 family inet address 180.20.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.20/24

    set routing-options static route 0.0.0.0/0 next-hop 10.10.10.50

    set protocols pim dense-groups 224.0.1.39/32
    set protocols pim dense-groups 224.0.1.40/32
    set protocols pim rp auto-rp discovery
    set protocols pim rp static address 10.10.10.50
    set protocols pim interface all mode sparse-dense

    set security policies from-zone trust to-zone untrust policy any match source-address any
    set security policies from-zone trust to-zone untrust policy any match destination-address any
    set security policies from-zone trust to-zone untrust policy any match application any
    set security policies from-zone trust to-zone untrust policy any then permit

    set security policies from-zone untrust to-zone trust policy any match source-address any
    set security policies from-zone untrust to-zone trust policy any match destination-address any
    set security policies from-zone untrust to-zone trust policy any match application any
    set security policies from-zone untrust to-zone trust policy any then permit

    set security zones security-zone untrust host-inbound-traffic system-services any-service
    set security zones security-zone untrust host-inbound-traffic protocols all
    set security zones security-zone untrust interfaces ge-0/0/1.0

    set security zones security-zone trust host-inbound-traffic system-services any-service
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0

    I am trying to test multicast using VNC but it is not working. Would you please check the configuration and let me know if there is something missing?



    ------------------------------
    Mohammad Rummaneh
    ------------------------------