Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firewalls & multicast- what's the choice?

From: "Dale W. Carder" <dwcarder () doit wisc edu>
Date: Tue, 01 Aug 2006 10:18:22 -0500

On Aug 1, 2006, at 6:41 AM, Bob Arthurs wrote:

any special considerations for PIM / Multicast?
what are the alternatives, when are they used, and what are their  
pros/cons.



There's 2 common ways that firewalls implement multicast support
(robustly).  Some actually speak a multicast routing protocol, or
the other approach is to filter at layer 2, aka "transparent mode"
to stay out of the way.

Both are valid approaches.  If you want to route on your firewall,
you probably need support for pim sparse mode.  Don't accept only
dense mode or dvmrp implementation.  I believe that recent releases
for cisco pix/asa have pim-sm.  I personally favor transparent mode
and there are many vendors out there that can do it.

Now, for your ruleset you are going to have to do a bit of homework or
you will end up with a "default allow" acl.  Are there only specific
groups you will let in?  Are there only specific machines allowed to
send to these groups?

Dale

----------------------------------
Dale W. Carder - Network Engineer
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder



_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: