Support Center > Search Results > SecureKnowledge Details
Multicast address ranges are not supported for use in the rulebase Technical Level
Symptoms
  • If the object that was created by right-clicking on 'Address Ranges' -> 'Multicast Address Range...' is used in a rule, then the traffic will not match that rule. Instead, either the CleanUp rule will be matched, or a rule lower in the rulebase that matches the criteria for that traffic (Source, Destination, Service).
Cause

Only Unicast address ranges are supported in the rulebase.

"Multicast Address Range" is a special object that can be used only for joining a multicast group. Therefore, Multicast address ranges are intended for use only in the Topology of Security Gateways (Security Gateways - go to 'Topology' pane - select an interface - click on 'Edit...' - go to 'Multicast Restrictions' tab - check the box 'Drop multicast packets by the following conditions:' - click on 'Add...' button - select a Multicast address range object).

When a multicast address range is created in standard way (through editing a topology of specific interface in the Security Gateway object), the created multicast address range object is a special object called "multicast_address_range", which is not a "normal" address range. These address ranges cannot be used in the rulebase.


Solution

To use the same address range in the rulebase, standard Unicast address range should be created:

  1. Right-click on "Address Ranges" - go to submenu "Address Ranges" - select "Address Range...".

  2. Enter the required settings.

  3. Click on 'OK' to complete the object creation.

  4. Save the changes: go to 'File' menu - click on 'Save'.

  5. Create the relevant security rules with the new Unicast address range object.

  6. Save the changes: go to 'File' menu - click on 'Save'.

  7. Install the policy onto relevant Security Gateways.

 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment