Multicast forwarding for Bonjour and similar applications that use mDNS not working with Palo Alto firewall.

Created On 12/25/19 22:18 PM - Last Modified 10/04/22 03:13 AM


Symptom


 Multicast forwarding for the Bonjour application does not work between two networks separated by a Palo Alto firewall.

Environment


  • Palo Alto Firewalls
  • PAN-OS 9.0 and below
  • Apple Bonjour Support.


Cause


  •   Apple Bonjour is one of the applications that use mDNS for their operation, and mDNS is not routable across networks by default.
  •   The multicast IP address for the Bonjour protocol is 224.0.0.255.
  •   This multicast address, 224.0.0.255, falls within the address range 224.0.0.0 to 224.0.0.255, which is reserved for the local subnetwork and is not routable.


Resolution


PAN-OS 10.0 and above have support for Apple Bonjour. Refer to Configure Bonjour Reflector for Network Segmentation.
