This article explains how to configure mDNS for your Cato account.
mDNS is a protocol for name resolution without having to configure a DNS server. It enables hosts to communicate with each other in your network within the same VLAN seamlessly. mDNS uses multicast packets to allow discovery of the different hosts in the network. This lets you use a variety of mDNS-based services, such as an office printer or a monitor in a meeting room to share your screen.
For example, if a host in VLAN 10 needs to discover the printers in the VLAN, the host sends out mDNS requests and receives responses from all endpoints providing these services in the VLAN (within the broadcast domain). Since the devices are in the same VLAN, the communication happens directly without involving the Socket.
However, if you are part of VLAN 10 and your printer is part of VLAN 20, you do not have direct access to the printer since it's in a separate subnet. To enable your computer to communicate with the printer in VLAN 20, you must enable the Socket to function as an mDNS gateway. That lets you send multicast requests from VLAN 10 and receive responses from devices offering services within VLAN 20.
Note:
Since multicast traffic is noisy, and considered not secure, Cato recommends that you only enable mDNS traffic for subnets that require it.
Configure mDNS between Subnets
For communication between the different subnets to work, you need to configure the following:
- Enable mDNS for the relevant VLANs in the site's network configuration
  Note: mDNS must be enabled on all VLAN segments that need to communicate with each other.
- Allow unicast traffic between the VLANs in the LAN Firewall
After enabling mDNS for your various subnets, you must configure a rule to allow the traffic in the LAN Firewall. For more information, see Configuring the Socket LAN Firewall Policy.
4 comments
Should the mDNS gateway be enabled on the (in this case) printer VLAN only or the client VLAN as well?
Hi JM - thank you for reaching out.
mDNS needs to be enabled on both segments in your example.
Not able to see mDNS boolean in the subnets.
Hi Suman - can you please double-check that your IP Range type is defined as VLAN? If it is and you're still not seeing the option, please reach out to support.