Configuring Bonjour forwarding for the MX Security Appliance
Bonjour forwarding enables interVLAN communication between Bonjour devices and applications on your LAN. Natively, Bonjour functions on a single subnet; Bonjour forwarding removes this limitation by forwarding the multicast DNS traffic between the client and service VLANs as needed.
- Brief overview of Bonjour
- MX/Z1 Bonjour Forwarding setup
Brief Overview of Bonjour
Bonjour is a Zero Configuration Networking protocol that leverages mDNS for network discovery of other Bonjour enabled devices on your LAN. Natively, mDNS frames sent by a Bonjour enabled client will setup and maintain inter-client communication within a single broadcast domain. Figure 1 below exemplifies a typical mDNS packet advertising Apple Airplay.
Figure 1 - mDNS frame for Airplay.
MX/Z1 Bonjour Forwarding setup
a) To get to the MX/Z1 settings page browse to Configure > Firewall > Bonjour forwarding. Click Add a Bonjour forwarding rule to view the list of fields that can be filled out. See Figure 2 & 3.
Figure 2 - Bonjour forwarding section under Configure > Firewall > Bonjour forwarding.
Figure 3 - Fields for a Bonjour forwarding rule on an MX/Z1.
b) The Service VLANs and Client VLANs fields display all eligible VLANs. Those subnets defined by Client VPN, site-site VPN and static routes are ineligible. The Service VLANs field host a Bonjour service that should be forwarded. The Client VLANs field are those VLANs to which a Bonjour service will be forwarded to, and discovery messages forwarded from. See Figure 4.
Figure 4 - Service and Client VLAN dropdown options.
c) The Services field lists specific Bonjour services. For example, Airplay or iChat. If chosen, this service is forwarded to all VLANs listed in Client VLANs. If not, the service will not participate in interVLAN communication with other Bonjour clients.
Figure 5 - List of services that are displayed on the dropdown menu.