Configure IGMP Protocol

Use the Add IGMP parameters dialog box to add new IGMP parameters to the threat defense device. Use the Edit IGMP parameters dialog box to change existing parameters.

• Interface—From the drop-down list, choose the interface for which you want to configure IGMP protocol.

• Enable IGMP—Check the check box to enable IGMP.

  Note	Disabling IGMP on specific interfaces is useful if you know that there are no multicast hosts on a specific interface and you want to prevent the device from sending host query messages on that interface.

• Forward Interface—From the drop-down list, choose the specific interface from which you want to forward IGMP messages.

  This configures the Secure Firewall Threat Defense device to act as an IGMP proxy agent and forward IGMP messages from hosts connected on one interface to an upstream multicast router on another interface.

• Version—Choose IGMP Version 1 or 2.

  By default, the threat defense device runs IGMP Version 2, which enables several additional features.

  Note

  All multicast routers on a subnet must support the same version of IGMP. The threat defense device does not automatically detect Version 1 routers and switch to Version 1. However, you can have a mix of IGMP Version 1 and 2 hosts on the subnet; the threat defense device running IGMP Version 2 works correctly when IGMP Version 1 hosts are present.

• Query Interval—The interval in seconds at which the designated router sends IGMP host-query messages. The range is 1 to 3600. The default is 125.

  Note	If the threat defense device does not hear a query message on an interface for the specified timeout value, then the device becomes the designated router and starts sending the query messages.

• Response Time—The interval in seconds before the threat defense device deletes the group. The range is 1 to 25. The default is 10.

  If the threat defense device does not receive a response to a host query within this amount of time, it deletes the group.

• Group Limit—The maximum number of hosts that can join on an interface. The range is 1 to 500. The default is 500.

  You can limit the number of IGMP states resulting from IGMP membership reports on a per-interface basis. Membership reports exceeding the configured limits are not entered in the IGMP cache, and traffic for the excess membership reports is not forwarded

• Query Timeout—The period of time in seconds before which the threat defense device takes over as the requester for the interface after the previous requester has stopped. The range is 60 to 300. The default is 255.