CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: multicast issue

  1. #1
    Join Date
    2017-03-06
    Posts
    7
    Rep Power
    0

    Default multicast issue

    Hello,

    we have checkpoint r8010 running on two gateways and we have 2 different vlans on these gateways: vlan 1 and vlan 10 . there is no access restriction between these two networks.

    we stream multicast from server having vlan1 and we want the pc with vlan 10 to receive it. However we fail to receive this although we have tried several configurations.

    Can you help us with the details we need to pay attention so that we can have the multicast successfully?

  2. #2
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: multicast issue

    Quote Originally Posted by coskun_ist View Post
    Hello,

    we have checkpoint r8010 running on two gateways and we have 2 different vlans on these gateways: vlan 1 and vlan 10 . there is no access restriction between these two networks.

    we stream multicast from server having vlan1 and we want the pc with vlan 10 to receive it. However we fail to receive this although we have tried several configurations.

    Can you help us with the details we need to pay attention so that we can have the multicast successfully?
    I've not dealt with Checkpoint multicast since R75.47 and my recommendation is to stay away from checkpoint multicast. Checkpoint TAC does not have the expertise to help you when you run into issue. I've had so many issues with running multicast with checkpoints that I eventually gave up and do GRE tunnel across checkpoint firewalls with Cisco routers as a very stable solution.

    That being said, this my multicast configuration on the R75.47 a few years ago:

    set pim mode sparse

    set pim hello-interval default

    set pim data-interval default

    set pim assert-interval default

    set pim assert-limit default

    set pim jp-interval default

    set pim jp-delay-interval default

    set pim jp-suppress-interval default

    set pim register-suppress-interval default

    set pim bootstrap-candidate priority default

    set pim cisco-compatibility on

    set pim interface eth0 on

    set pim interface eth0 dr-priority 10

    set pim interface eth0 local-address 172.17.211.10

    set pim interface eth1 on

    set pim interface eth1 dr-priority 10

    set pim interface eth1 local-address 172.17.211.132

    set pim candidate-rp on

    set pim candidate-rp advertise-interval default

    set pim candidate-rp priority default

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.211/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.213/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.215/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.217/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.219/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.221/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.223/32 on

    set pim static-rp rp-address 192.168.254.10 multicast-group 229.0.199.225/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.210/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.212/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.214/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.216/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.218/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.220/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.222/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.224/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.230/32 on

    set pim static-rp rp-address 192.168.253.10 multicast-group 229.0.199.234/32 on

    set pim assert-rank protocol direct rank default

    set pim assert-rank protocol kernel rank default

    set pim assert-rank protocol static rank default

    set pim assert-rank protocol ospf rank default

    set pim assert-rank protocol ospfase rank default

    set pim assert-rank protocol rip rank default

    set pim assert-rank protocol bgp rank default

  3. #3
    Join Date
    2019-02-11
    Posts
    1
    Rep Power
    0

    Default Re: multicast issue

    Hi,

    With R80.10 PIM is expected to work properly.
    Can you share the configuration and topology you are using?
    Is it PIM SM/DM/SSM?
    are you using igmpv2? v3?
    Do you see multicast groups in 'show igmp groups'?
    Do you see multicast flows in 'show pim joins' and in '#ip mroute'?
    Is it a cluster?
    What are the PIM peers devices?

    Thanks.

  4. #4
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: multicast issue

    Quote Originally Posted by Yairsh View Post
    Hi,

    With R80.10 PIM is expected to work properly.
    Can you share the configuration and topology you are using?
    Is it PIM SM/DM/SSM?
    are you using igmpv2? v3?
    Do you see multicast groups in 'show igmp groups'?
    Do you see multicast flows in 'show pim joins' and in '#ip mroute'?
    Is it a cluster?
    What are the PIM peers devices?

    Thanks.
    LOL... I love your answer. You must be working for Checkpoint, no?

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,651
    Rep Power
    10

    Default Re: multicast issue

    I thought that was a pretty good list of questions. I mean its not like you explained anything in your configuration or asked any questions about the OPs setup, which is kind of critical since multicast is not easy. Keeping that in mind your post wasn't very helpful for someone that might not understand multicast, which is just about everyone. Multicast is a strange thing.

    BTW i'll just throw this out there since it hasn't been brought up. Multicast doesn't always support multiple hops by default. I recently found out weather services apps might be configured with a default TTL of 1.

  6. #6
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: multicast issue

    Quote Originally Posted by jflemingeds View Post
    I thought that was a pretty good list of questions. I mean its not like you explained anything in your configuration or asked any questions about the OPs setup, which is kind of critical since multicast is not easy. Keeping that in mind your post wasn't very helpful for someone that might not understand multicast, which is just about everyone. Multicast is a strange thing.

    BTW i'll just throw this out there since it hasn't been brought up. Multicast doesn't always support multiple hops by default. I recently found out weather services apps might be configured with a default TTL of 1.

    That's the problem. Multicast is not easy to setup. Not difficult but it is no cake walk. Even when the OP gets it to work. What is he going to do when it stops working or he leaves the company and this thing is being dumped to the next engineer.

    I standby what I said before. There are so many things that can and will go wrong with Checkpoint multicast that is not even funny. You get different results depend on how you setup multicast. With VRRP, the multicast will come up much faster than ClusterXL. With ClusterXL, sometime multicast will not start after reboot and/or cpstop;cpstart. I dealt with it for a long time. I had one ticket opened with Checkpoint for over a year. After a lot of kicking and screaming, I finally got to the right engineer to understand the issue and it took him 8 months to resolve the issue and Checkpoint broke it again in the next HFAs. Had to jump through the same hoop again until found the engineer who understands the issue. Painful.

  7. #7
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    308
    Rep Power
    13

    Default Re: multicast issue

    Quote Originally Posted by jflemingeds View Post
    Keeping that in mind your post wasn't very helpful for someone that might not understand multicast, which is just about everyone.
    Unicast goes to one host.

    Broadcast goes to all hosts in a network.

    Multicast goes to no hosts, because it's set up wrong. Again.
    Zimmie

Similar Threads

  1. Multicast disable on switch or ARP issue?
    By susiar in forum R75.40 (GAiA)
    Replies: 3
    Last Post: 2013-11-22, 05:31
  2. Multicast Issue with Cluster
    By scucci in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 2
    Last Post: 2009-02-04, 08:26
  3. Multicast how-to ?
    By masseyuni in forum Dynamic Routing
    Replies: 1
    Last Post: 2008-06-04, 04:14
  4. Multicast Issue with Log from Nokia 390
    By mcarey in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 6
    Last Post: 2008-03-03, 09:11
  5. ClusterXL issue when use set_ccp multicast
    By Wutkung in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2007-04-20, 12:21

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •