On Aug 1, 2006, at 6:41 AM, Bob Arthurs wrote:
> Any special considerations for PIM / multicast?
> What are the alternatives, when are they used, and what are their
> pros/cons?

There are two common ways that firewalls implement multicast support
(robustly). Some actually speak a multicast routing protocol; the
other approach is to filter at layer 2, aka "transparent mode",
to stay out of the way.

Both are valid approaches. If you want to route on your firewall,
you probably need support for PIM sparse mode. Don't accept an
implementation that does only dense mode or DVMRP. I believe that
recent releases for Cisco PIX/ASA have PIM-SM. I personally favor
transparent mode, and there are many vendors out there that can do it.

Now, for your ruleset you are going to have to do a bit of homework or
you will end up with a "default allow" ACL. Are there only specific
groups you will let in? Are there only specific machines allowed to
send to these groups?
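
The two ruleset questions above (which groups, which senders), worked through as an added example that is not part of the original message: a default-deny check over (sender, group) pairs, plus a check for rules that amount to "default allow". The addresses, rule format and function names are constructed for illustration and are not any vendor's ACL syntax.

```python
import ipaddress

MCAST = ipaddress.ip_network("224.0.0.0/4")   # IPv4 multicast range
ANY_SRC = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample policy: (allowed sender network, allowed group network).
RULES = [
    ("192.0.2.10/32", "239.1.1.1/32"),    # one sender, one group
    ("198.51.100.0/24", "239.2.0.0/24"),  # a sender subnet, a block of groups
]

def parse_rules(rules):
    """Turn string pairs into networks; reject groups outside 224.0.0.0/4."""
    parsed = []
    for src, grp in rules:
        s, g = ipaddress.ip_network(src), ipaddress.ip_network(grp)
        if not g.subnet_of(MCAST):
            raise ValueError(f"{grp} is not a multicast group range")
        parsed.append((s, g))
    return parsed

def permitted(rules, source, group):
    """Default deny: pass only if one rule matches both sender and group."""
    s, g = ipaddress.ip_address(source), ipaddress.ip_address(group)
    return any(s in rs and g in rg for rs, rg in parse_rules(rules))

def overly_broad(rules):
    """Return rules that allow any sender or every multicast group."""
    return [(str(s), str(g)) for s, g in parse_rules(rules)
            if s == ANY_SRC or g == MCAST]

if __name__ == "__main__":
    # Constructed flows: (sender, group)
    flows = [
        ("192.0.2.10", "239.1.1.1"),     # listed sender, listed group
        ("192.0.2.11", "239.1.1.1"),     # unlisted sender, listed group
        ("198.51.100.7", "239.2.0.200"), # sender subnet, group block
        ("198.51.100.7", "239.1.1.1"),   # listed sender, wrong group
    ]
    for src, grp in flows:
        verdict = "permit" if permitted(RULES, src, grp) else "deny"
        print(f"{src} -> {grp}: {verdict}")
    print("overly broad rules:", overly_broad(RULES))
```
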


