>
    Strata Cloud Manager
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Advanced Routing
    4. Create Multicast Routing Profiles
    5. Strata Cloud Manager
    Download PDF
    Next-Generation Firewall

    Strata Cloud Manager

    Table of Contents

    Strata Cloud Manager

    Perform this task to create multicast routing profiles for an Advanced Routing Engine on Strata Cloud Manager.
    When you configure IP multicast for an Advanced Routing Engine on Strata Cloud Manager, create multicast IPv4 PIM Interface Timer profiles and multicast IPv4 IGMP Interface Query profiles.
    When you configure MSDP, create multicast MSDP authentication profiles and multicast MSDP Timer profiles.
    1. Select ConfigurationNGFW and Prisma Access.
    2. For Configuration Scope, select Folders and then select All Firewalls, a specific folder, or the specific firewalls you want to configure. (Don’t choose Global.)
    3. Select Device SettingsRoutingProfilesMulticast.
    4. Create a multicast IPv4 PIM Interface Timer profile.
      1. Add Multicast IPv4 PIM Interface Timer Profile.
      2. Enter a Name for the profile (a maximum of 63 alphanumeric, dot [.], hyphen [-], or underscore [_] characters).
      3. Specify the Assert Interval (sec)—number of seconds between PIM Assert messages that the logical router sends to other PIM routers on the multiaccess network when they are electing a PIM forwarder; the range is 1 to 65,534; the default is 177.
      4. Specify the Hello Interval (sec)—number of seconds between PIM Hello messages that the logical router sends to its PIM neighbors from each interface in the interface group; the range is 1 to 180; the default is 30.
      5. Specify the Join Prune Interval (sec)—number of seconds between PIM Join messages (and between PIM Prune messages) that the logical router sends upstream toward a multicast source; the range is 60 to 600; the default is 60.
      6. Save the profile.
    5. Create a multicast IPv4 IGMP Interface Query profile.
      1. Add Multicast IPv4 IGMP Interface Query Profile.
      2. Enter a Name for the profile (a maximum of 63 alphanumeric, dot [.], hyphen [-], or underscore [_] characters).
      3. Specify the Max Query Response Time (sec)—maximum number of seconds allowed for a receiver to respond to an IGMP membership Query message before the logical router determines that the receiver no longer wants to receive multicast packets for the group; the range is 1 to 25; the default is 10.
      4. Specify the Query Interval (sec)—number of seconds between IGMP membership Query messages that the logical router sends to a receiver to determine whether the receiver still wants to receive the multicast packets for a group; the range is 1 to 1,800; the default is 125.
      5. Specify the Last Member Query Interval (sec)—number of seconds allowed for a receiver to respond to a Group-Specific Query that the logical router sends after a receiver sends a Leave Group message; the range is 1 to 25; the default is 1.
      6. If you enable Immediate Leave—leave group immediately when a leave message is received, when there is only one member in a multicast group and the logical router receives an IGMP Leave message for that group, this setting causes the logical router to remove that group and outgoing interface from the multicast routing information base (mRIB) and multicast forwarding information base (mFIB) immediately, rather than waiting for the Last Member Query Interval to expire. Enabling this setting saves network resources. (The default is disabled.)
      7. Save the profile.
    6. Create an MSDP Authentication profile.
      1. Add Multicast MSDP Authentication Profile.
      2. Enter a Name for the profile (a maximum of 63 alphanumeric, dot [.], hyphen [-], or underscore [_] characters).
      3. Enter the Secret (alphanumeric characters, !, @, #, %, and ^ are allowed).
      4. Confirm Secret.
      5. Save the profile.
    7. Create an MSDP Timer profile.
      1. Add Multicast MSDP Timer Profile.
      2. Enter a Name for the profile (a maximum of 63 alphanumeric, dot [.], hyphen [-], or underscore [_] characters).
      3. Enter the Keep Alive Interval in seconds; the range is 1 to 60; the default is 60. After an MSDP transport connection is established with a peer, each side of the connection sends Keepalive messages to the other side at this interval to keep the MSDP session active. If the timer expires, the peer sends a Keepalive message and resets the timer. If no Keepalive or SA message is received for the Message Timeout interval, the MSDP session is reset.
      4. Enter the Message Timeout interval in seconds, which is the interval at which the MSDP peer will wait for Keepalive messages from other peers before declaring them down. The range is 1 to 75; the default is 75.
      5. Enter the Connection Retry Interval in seconds, which is the interval that peers will wait after a peering session is reset before trying to reestablish the peering session. The range is 1 to 60; the default is 30.
      6. Save the profile.
    8. Push Config and Push the configuration. Select the Admin Scope and enter a Description for the configuration. Select Push again.

    © 2025 Palo Alto Networks, Inc. All rights reserved.