How to Block Multicast Traffic in a VWire (Virtual Wire) Setup

Created On 09/25/18 17:59 PM - Last Modified 02/07/19 23:53 PM


Resolution

Multicast traffic is blocked by default in Layer 3 mode, but is forwarded by default in Virtual Wire mode.

To apply security policies for multicast:

  • Enable multicast firewalling under the Virtual Wire configuration.

Multicast traffic transiting the firewall can now be blocked, either by blocking the entire global multicast IP address range 224.0.0.0/4 or by blocking PIM and IGMP in the security rule.

Note: Before blocking multicast, consider routing protocols that use multicast (for example OSPF, RIP, VRRP). If they are in use on the network, they will be blocked as well.

  • Blocking the entire Multicast address range

  • Blocking the PIM and IGMP protocols, using application signatures

  [Screenshot: the security rule that blocks multicast on Virtual Wire]
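
A pre-change check for the note above, added here as an example and not part of the original article: it reads flow records and reports what each of the two blocking options would drop, flagging OSPF, RIPv2 and VRRP groups. The flow format, the sample records and the function name are assumptions, and the PIM/IGMP option is modelled by IP protocol number rather than by application signature.

```python
import ipaddress

MULTICAST = ipaddress.ip_network("224.0.0.0/4")

# Well-known link-local multicast groups used by routing/redundancy protocols.
ROUTING_GROUPS = {
    "224.0.0.5": "OSPF (AllSPFRouters)",
    "224.0.0.6": "OSPF (AllDRouters)",
    "224.0.0.9": "RIPv2",
    "224.0.0.18": "VRRP",
}
# IP protocol numbers of the two protocols the second option targets.
PIM_IGMP = {2: "IGMP", 103: "PIM"}

# Constructed sample flows (src, dst, IP protocol number); not real traffic.
SAMPLE_FLOWS = """\
10.1.1.1,224.0.0.5,89
10.1.1.2,224.0.0.18,112
10.1.1.3,224.0.0.13,103
10.1.1.4,239.1.1.10,17
10.1.1.5,224.0.0.22,2
10.1.1.6,10.1.2.9,6
10.1.1.7,224.0.0.9,17
"""

def assess(flow_text):
    """Return, per blocking option, the flows that option would drop."""
    report = {"range_rule": [], "pim_igmp_rule": [], "routing_hit": []}
    for line in flow_text.strip().splitlines():
        src, dst, proto = (field.strip() for field in line.split(","))
        proto = int(proto)
        if ipaddress.ip_address(dst) in MULTICAST:
            # Option 1: deny rule on destination 224.0.0.0/4.
            report["range_rule"].append((src, dst))
            if dst in ROUTING_GROUPS:
                report["routing_hit"].append((src, ROUTING_GROUPS[dst]))
        if proto in PIM_IGMP:
            # Option 2: deny rule limited to PIM and IGMP.
            report["pim_igmp_rule"].append((src, PIM_IGMP[proto]))
    return report

if __name__ == "__main__":
    result = assess(SAMPLE_FLOWS)
    print("Dropped by 224.0.0.0/4 rule:", len(result["range_rule"]))
    for src, name in result["routing_hit"]:
        print(f"  WARNING: {name} from {src} would be blocked")
    print("Dropped by PIM/IGMP rule:", result["pim_igmp_rule"])
```

Any entry under routing_hit means the range-wide rule would break an adjacency or failover protocol currently on the wire.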

owner: kprakash


