I have a predefined policy that does the following:
allow TCP or UDP in/out for IP
source and destination mask: 192.168.1.0 mask 255.255.255.0
source and destination port: any.
Second rule below the first one: block IP in/out, source and destination any, protocol any.
These rules are applied to all PCs in the network and should make sure that the intranet communication is working, but no internet access is allowed.
But broadcasting does not work, because any application that requires broadcasts does not work, meaning clients do not find a server. Any idea what I did wrong?
Help would be amazing since this is a problem I have had for a long time now.
Isn’t the local multicast zone the zone from 22.214.171.124.-126.96.36.199? Then you need to add a rule for that zone.
To see what IP addresses get blocked make sure that the block rule of the policy also logs when it blocks. Then the logs will inform you what IP address range you need to allow.
In this case it was 255.255.255.255 according to the logs, and it does work. I guess this will not be a security risk since the broadcast will only be on the LAN, of course including all subnets, right?
Thanks for the fast answer and the tip!
Broadcasts get sent either to 192.168.1.255 (directed broadcast) or to 255.255.255.255 (limited broadcast).
For 192.168.1.255, the host part of the IP subnet is set to all ones (.255), so if you used 172.16.0.0/16 the broadcast would be sent to 172.16.255.255.
What Eric is referring to is multicast, but for that you also need to allow IGMP or CGMP so the host can register to the multicast groups.
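To make the behaviour discussed in this thread concrete, here is an added example (not code from the original posts or from any firewall product) that models the two-rule policy as a first-match evaluator, logs what the final block rule drops, and computes the directed broadcast address for a given network. The rule format, function names and the sample packets are all constructed for illustration.

```python
"""Toy first-match firewall evaluator mirroring the policy from the thread.

Everything here (Rule/Packet shapes, policy builder, sample packets) is a
constructed illustration, not the configuration of any real product.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set

IPv4Net = ipaddress.IPv4Network


@dataclass
class Rule:
    name: str
    action: str                   # "allow" or "block"
    src: Optional[IPv4Net]        # None means "any"
    dst: Optional[IPv4Net]        # None means "any"
    protos: Optional[Set[str]]    # None means "any protocol"
    log: bool = False             # whether a hit on this rule is logged


@dataclass
class Packet:
    src: str
    dst: str
    proto: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet falls inside every constraint of the rule."""
    s = ipaddress.ip_address(pkt.src)
    d = ipaddress.ip_address(pkt.dst)
    if rule.src is not None and s not in rule.src:
        return False
    if rule.dst is not None and d not in rule.dst:
        return False
    if rule.protos is not None and pkt.proto not in rule.protos:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """First matching rule decides; the block rule logs so you can see what it drops."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.log:
                log.append(f"{rule.action.upper()} by '{rule.name}': "
                           f"{pkt.proto} {pkt.src} -> {pkt.dst}")
            return rule.action
    return "block"  # implicit default if nothing matched


def directed_broadcast(network: str) -> str:
    """Host bits set to all ones, e.g. 172.16.0.0/16 -> 172.16.255.255."""
    return str(ipaddress.ip_network(network, strict=False).broadcast_address)


def build_policy(allow_limited_broadcast: bool = False) -> List[Rule]:
    """The thread's policy: LAN<->LAN TCP/UDP allowed, then block everything.

    With allow_limited_broadcast=True a rule for 255.255.255.255 is inserted
    before the final block, which is the fix the original poster arrived at.
    """
    lan = ipaddress.ip_network("192.168.1.0/255.255.255.0")
    rules = [Rule("lan-tcp-udp", "allow", lan, lan, {"tcp", "udp"})]
    if allow_limited_broadcast:
        limited = ipaddress.ip_network("255.255.255.255/32")
        rules.append(Rule("lan-limited-bcast", "allow", lan, limited, {"udp"}))
    rules.append(Rule("block-all", "block", None, None, None, log=True))
    return rules


def run_demo(allow_limited_broadcast: bool = False):
    """Evaluate a few constructed packets and return (verdicts, block log)."""
    samples = {
        "unicast-lan":   Packet("192.168.1.10", "192.168.1.20", "udp"),
        "directed-bcast": Packet("192.168.1.10", "192.168.1.255", "udp"),
        "limited-bcast":  Packet("192.168.1.10", "255.255.255.255", "udp"),
        "internet":       Packet("192.168.1.10", "203.0.113.5", "tcp"),
    }
    log: List[str] = []
    rules = build_policy(allow_limited_broadcast)
    verdicts = {name: evaluate(rules, pkt, log) for name, pkt in samples.items()}
    return verdicts, log


if __name__ == "__main__":
    for fixed in (False, True):
        verdicts, log = run_demo(fixed)
        print("policy with limited-broadcast rule:" if fixed else "original policy:")
        for name, verdict in verdicts.items():
            print(f"  {name:15} {verdict}")
        for line in log:
            print("  log:", line)
```

Running it shows why the logs in the thread pointed at 255.255.255.255: the directed broadcast 192.168.1.255 already falls inside the 192.168.1.0/24 destination of the first rule, so only the limited broadcast reaches the logging block rule. Internet-bound traffic stays blocked in both variants, which is the behaviour the original poster wanted to preserve.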