CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 5 of 5

Thread: Multicast over GRE

  1. #1
    Join Date
    2016-07-29
    Posts
    8
    Rep Power
    0

    Default Multicast over GRE

    Hello everyone,

    I am not very familiar with Multicast and have some doubts regarding how it should be done through Check Point.

    There are two Cisco routers on either side of the HA Cluster with a GRE tunnel (which is up and working). There is FM radio communication that goes through this GRE tunnel. I do not see any other traffic than GRE (in the logs and tcpdump/fw monitor). The issue is one way communication. I do not see any drops either.

    My question is do I need to enable PIM on the interfaces that are connected to the routers because I do not see any other configuration specific to this issue. I am not sure about this because I do not even see PIM in the clear, its all encapsulated in GRE.

    Thank you

  2. #2
    Join Date
    2012-07-10
    Location
    Zurich, Switzerland
    Posts
    222
    Rep Power
    6

    Default Re: Multicast over GRE

    The GRE-Tunnel is completely transparent to the Firewall. However, since both routers (Tunnel Endpoints) can start a communication, you must make sure that your firewall rule allows true bi-directional traffic ;-)

  3. #3
    Join Date
    2016-07-29
    Posts
    8
    Rep Power
    0

    Default Re: Multicast over GRE

    Quote Originally Posted by slowfood27 View Post
    The GRE-Tunnel is completely transparent to the Firewall. However, since both routers (Tunnel Endpoints) can start a communication, you must make sure that your firewall rule allows true bi-directional traffic ;-)
    Thanks for your reply. GRE is allowed bidirectionally between the two routers and the tunnel is working fine

  4. #4
    Join Date
    2006-09-26
    Posts
    3,019
    Rep Power
    15

    Default Re: Multicast over GRE

    Quote Originally Posted by TangoM View Post
    There is FM radio communication that goes through this GRE tunnel. I do not see any other traffic than GRE (in the logs and tcpdump/fw monitor).
    this has nothing to do with the Checkpoint firewall since you have bi-directional GRE traffics through the Checkpoint firewalls. You stated in your post that the FM radio communication goes through the GRE tunnel. If that is the case, you should see nothing other than GRE tunnel across the checkpoint firewall.

    since it is not working, you need to make sure the FM communication is actually is tunneled inside the GRE tunnel. One way to do that is capture the traffics on the checkpoint firewall and use wireshark to decode the GRE traffics and you will see if the FM communication is actually tunnel inside GRE tunnel.

  5. #5
    Join Date
    2016-07-29
    Posts
    8
    Rep Power
    0

    Default Re: Multicast over GRE

    It was a routing issue in the tunnel

Similar Threads

  1. Multicast how-to ?
    By masseyuni in forum Dynamic Routing
    Replies: 1
    Last Post: 2008-06-04, 04:14
  2. VSX and Multicast
    By sisu-up in forum VPN-1 VSX
    Replies: 0
    Last Post: 2007-06-14, 11:49
  3. From multicast to unicast
    By stephan411 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 2
    Last Post: 2006-12-15, 19:52
  4. is there any Multicast on the CCSA ?
    By derspot in forum CCSA NGX Exam 156-215.1 (No Longer Offered)
    Replies: 4
    Last Post: 2006-12-06, 09:23
  5. Multicast and NAT
    By Barry J. Stiefel in forum NAT (Network Address Translation)
    Replies: 0
    Last Post: 2005-08-13, 23:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •