firewall {multicast-policy | multicast-policy6}
Use this command to configure a source NAT IP. This command can also be used in Transparent mode to enable multicast forwarding by adding a multicast policy.
The matched forwarded (outgoing) IP multicast source IP address is translated to the configured IP address. For additional options related to multicast, see multicast-forward {enable | disable} in system settings and tp-mc-skip-policy {enable | disable} in system global.
config firewall multicast-policy edit {id} # Configure multicast NAT policies. set id {integer} Policy ID. range[0-4294967294] set status {enable | disable} Enable/disable this policy. set logtraffic {enable | disable} Enable/disable logging traffic accepted by this policy. set srcintf {string} Source interface name. size[35] - datasource(s): system.interface.name,system.zone.name set dstintf {string} Destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name config srcaddr edit {name} # Source address objects. set name {string} Source address objects. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name next config dstaddr edit {name} # Destination address objects. set name {string} Destination address objects. size[64] - datasource(s): firewall.multicast-address.name next set snat {enable | disable} Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). set snat-ip {ipv4 address} IPv4 address to be used as the source address for NATed traffic. set dnat {ipv4 address any} IPv4 DNAT address used for multicast destination addresses. set action {accept | deny} Accept or deny traffic matching the policy. accept Accept traffic matching the policy. deny Deny or block traffic matching the policy. set protocol {integer} Integer value for the protocol type as defined by IANA (0 - 255, default = 0). range[0-255] set start-port {integer} Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535, default = 1). range[0-65535] set end-port {integer} Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535, default = 1). range[0-65535] set auto-asic-offload {enable | disable} Enable/disable offloading policy traffic for hardware acceleration. next end
config firewall multicast-policy6 edit {id} # Configure IPv6 multicast NAT policies. set id {integer} Policy ID. range[0-4294967294] set status {enable | disable} Enable/disable this policy. set logtraffic {enable | disable} Enable/disable logging traffic accepted by this policy. set srcintf {string} IPv6 source interface name. size[35] - datasource(s): system.interface.name,system.zone.name set dstintf {string} IPv6 destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name config srcaddr edit {name} # IPv6 source address name. set name {string} Address name. size[79] - datasource(s): firewall.address6.name,firewall.addrgrp6.name next config dstaddr edit {name} # IPv6 destination address name. set name {string} Address name. size[79] - datasource(s): firewall.multicast-address6.name next set action {accept | deny} Accept or deny traffic matching the policy. accept Accept. deny Deny. set protocol {integer} Integer value for the protocol type as defined by IANA (0 - 255, default = 0). range[0-255] set start-port {integer} Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535, default = 1). range[0-65535] set end-port {integer} Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535, default = 65535). range[0-65535] set auto-asic-offload {enable | disable} Enable/disable offloading policy traffic for hardware acceleration. next end
Additional information
The following section is for those options that require additional explanation.