A Broad-Multicast access rule propagates broadcasts between multiple bridged network interfaces.
Create a Broad-Multicast Access Rule
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- Either click the plus icon (+) in the top right of the rule set or right-click the rule set and select New > Rule.
- Select Broad-Multicast as the action.
- Enter a name for the rule.
- Specify the following settings that must be matched by the traffic to be handled by the access rule:
- Source – The bridged network.
- Destination – The broadcast addresses that you want to propagate in the network.
- Service – Select a service object, or select Any for this rule to match all services.
In the Broad- Multicast - Propagation List field, enter the propagation interface or IP address(es). You can also enter a comma-delimited array of (bridged) network interfaces or existing IP addresses.
Propagation List Content Example Operation Mixed list of IP addresses and interfaces
port2,port3,192.168.200.10 IP packets are propagated through the specified interface and in the case of IP addresses, the outgoing interface is determined by performing a routing lookup. Network interface(s) port2, port3, vpnr0, br.BRID01 The IP packets are transmitted unchanged through the specified interface(s). If a bridged port is used, you must enter all bridged ports and the bridged interface. IP address(es) 192.168.200.10,10.10.0.100 The target of IP packets is changed according to the specified IP address(es) and packets are delivered after performing a routing lookup. <interface>:<IP address> port2:192.168.200.10 The IP packets are transmitted through the specified interface and the target is changed according to the specified IP address. For a standard IP address, a layer 2 broadcast is triggered. For a multicast IP address, a corresponding layer 2 multicast MAC is created. <interface>:<IP address>! 192.168.200.10! Forces a layer 2 broadcast and the target MAC address is changed to ff:ff:ff:ff:ff:ff. This will also work if the destination is a multicast address. - Click OK.
- Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
- Click Send Changes and Activate.
Additional Matching Criteria
- Authenticated User – For more information, see User Objects.
- Connection Method – For more information, see Connection Objects.
Additional Policies
- Time Objects – For more information, see Schedule Objects.