Enabling mDNS Between Subnets

This article explains how to configure mDNS for your Cato account.

Overview

mDNS (multicast DNS) is a protocol for name resolution that does not require you to configure a DNS server. It lets hosts within the same VLAN in your network discover and communicate with each other seamlessly. mDNS uses multicast packets to discover the different hosts in the network. This lets you use a variety of mDNS-based services, such as an office printer or a monitor in a meeting room to share your screen.

Note: IGMP is not supported.

For example, if a host in VLAN 10 needs to discover the printers in that VLAN, the host sends out mDNS requests and receives responses from all endpoints providing these services in the VLAN (within the broadcast domain). Since the devices are in the same VLAN, the communication happens directly without involving the Socket.


However, if you are part of VLAN 10 and your printer is part of VLAN 20, you do not have direct access to the printer since it's in a separate subnet. To enable your computer to communicate with the printer in VLAN 20, you must enable the Socket to function as an mDNS gateway. That lets you send multicast requests from VLAN 10 and receive responses from devices offering services within VLAN 20.

Note: Since multicast traffic is noisy and is not considered secure, Cato recommends that you only enable mDNS traffic for subnets that require it.

Configure mDNS between Subnets

For communication between the different subnets to work, you need to configure the following:

  • Enable mDNS for the relevant VLANs in the site's network configuration

    Note: mDNS must be enabled on all VLAN segments that need to communicate with each other.

  • Allow unicast traffic between the VLANs in the LAN Firewall

Enable mDNS on your VLANs


To enable mDNS on a VLAN:

  1. From the site menu, click Networks.

  2. Click New or edit an existing IP range.

  3. Under Additional Settings, select mDNS Gateway.

  4. Click Apply and then click Save.

Allow Unicast Traffic

After enabling mDNS for your various subnets, you must configure a rule to allow the traffic in the LAN Firewall. For more information, see Configuring the Socket LAN Firewall Policy.
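To check which services are visible on a client VLAN once mDNS is enabled between subnets, the following added example (not Cato's code) builds the PTR query a host sends and decodes the PTR answers in an mDNS response, flagging service types outside an allow list, in line with the recommendation to enable mDNS only where it is required. The service names, the allow list and the `SAMPLE` packet are constructed for illustration; real input would be the UDP payload of a port 5353 packet captured on the client VLAN.

```python
import struct

def build_query(service):
    """PTR question for a service type such as '_ipp._tcp.local'."""
    parts = service.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 12, 1)  # PTR, IN

def read_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:  # malformed packets can point in a loop
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += 1 + n

def parse_ptr_answers(pkt):
    """Return (service_type, instance) for each PTR record in the answer section."""
    _, _, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    off, found = 12, []
    for _ in range(qd):  # skip the question section
        off = read_name(pkt, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 12:  # PTR
            found.append((owner, read_name(pkt, off + 10)[0]))
        off += 10 + rdlen
    return found

def unexpected_services(pkt, allowed_types):
    """Instances advertised under service types that are not on the allow list."""
    return sorted(i for stype, i in parse_ptr_answers(pkt) if stype not in allowed_types)

# Constructed sample response (not captured traffic): two PTR answers using name compression.
RR = struct.pack("!HHI", 12, 1, 4500)  # type PTR, class IN, TTL; the 2-byte RDLENGTH follows
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + b"\x04_ipp\x04_tcp\x05local\x00" + RR + b"\x00\x11\x0eOffice Printer\xc0\x0c"
          + b"\x08_airplay\xc0\x11" + RR + b"\x00\x0f\x0cMeeting Room\xc0\x38")
```

Calling `unexpected_services(SAMPLE, {"_ipp._tcp.local"})` returns the screen-sharing instance, which is the kind of result that indicates mDNS is enabled on a segment that was not meant to be exposed.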


4 comments

  • JM

    Should the mDNS gateway be enabled on the (in this case) printer VLAN only or the client VLAN as well?

  • Yaron Libman

    Hi JM - thank you for reaching out.

    mDNS needs to be enabled on both segments in your example.

  • Suman Kumar Pagadala

    Not able to see mDNS boolean in the subnets.

  • Yaron Libman

    Hi Suman - can you please double-check that your IP Range type is defined as VLAN? If it is and you're still not seeing the option, please reach out to support.
