Screen OS

Hello,

I have a SSG5 with wireless, and are trying to get a Apple TV (connected by wireless 192.168.2.x net) to sync with iTunes on a PC (connected by cable 192.168.1.x net).

The SSG5 puts the wireless and cable PCs on different subnets, but the Apple TV need to be on same subnet as the PC with iTunes on in order to be able to sync.

How do I solve that problem ?

Thanks in advance..
#appletv
#SSG5

Hi,

I haven't used the SSGs but I understand that you can create a bridged interface that includes both wireless and fixed Ethernet ports. This was never possible with the NS5GT, much to my annoyance ;-). If this is possible, then that's what you need to do. By creating a single bridged domain, you'll have a single subnet and the PC and the AppleTV will be able to talk to each other.

Rgds,

Guy

---

@gdavies wrote:
Hi,

I haven't used the SSGs but I understand that you can create a bridged interface that includes both wireless and fixed Ethernet ports.

That about creating a bridged interface, sound like something that should make it work.

Is there anyone that can explain to me how to configure that ?

Thanks in advance..

Hi,

I looked around the documentation and the feature you're looking for is bridge group interfaces (bgroup0 to bgroup3 or bgroup0/0 to bgroup0/2). According to the documentation for ScreenOS 6.0 (Fundamentals) you can create bridge groups from ports on the SSG. As I mentioned, I've never had to play with an SSG so I have not tried this (although it would make my life much easier if the NS5GT supported this behaviour :-).

Rgds,

Guy
#group
#wireless
#bgroup
#bridge
#SSG
#ethernet

Hi Keith,

So the bgroup interfaces aren't like other interfaces that can themselves have an ip address and be routed? I thought that was how it behaved because it appears that a bgroup is an interface that happens to contain a number of ports (kind of like a vlan interface).

I am not an expert in ScreenOS by any stretch of the imagination but that was what I thought the purpose of the bgroup interface was.

Rgds,

Guy

Message Edited by KB_Fan on 01-12-2008 04:14 PM
#bgroup

---

@kb_Fan wrote:

WebUI

Network > Interfaces > List > Edit (bgroup_name) > Bind Port: Select the wireless and ethernet interfaces, then click Apply.

At first the wireless0/0 wasn't selectable but I found out that it was because I had to remove the IP net from it first and put it in the null zone.

After that I had no problem moving it to bgroup0 and now my wireless and cabled machines get IPs from the same subnet and everything work 🙂

Thank you for the help.

Hi,

Glad to hear it's all working for you. It's not uncommon to have to remove higher layer config before you can modify lower layer config. I know that the E series is the same.

Thanks to Keith for spending the time to actually read through the documentation more thoroughly than I did 🙂 Now, how do I get hold of an SSG5 to replace my NS5GT? 😄

Rgds,

Guy

Speaking of SlingPlayer, can someone post the modifications/rules required to open up port 5001 for remote viewing. I've been playing around with it for a bit but I've had no luck. Thanks!

Hi,

You probably need to do something like this...

set service "Slingserver" protocol tcp src-port 0-65535 dst-port 5001-5001
set interface untrust vip untrust 5001 "Slingserver" /yourslingserversaddress/
set policy id 11 name "Slingserver-In" from "Untrust" to "Trust" "Any" "VIP(untrust)" "Slingserver" nat dst ip /yourslingserversaddress/ permit
set policy id 11
exit

That creates the Slingserver service, applies it to a VIP on the untrust interface and creates a policy to permit it via the VIP on your untrust interface.

Rgds,

Guy

Anyone found a solution to this problem with a 5GT?
I have tried playing around with all of the mcast features of ScreenOS (5.4.0r6.0) but I am unable to make the 5GT forward the MDNS mcast messages (to 224.0.0.251) between the wired and wireless segment...
Strangely enough it does forward messages going to another mcast address - 239.255.255.250.
BTW, I checked and in both cases IGMP messages are sent by the clients but don't help anyway (no matter if I enable or disable IGMP on the interfaces of the FW).

Thanks!

Hi,

You should never be able to get any router to forward 224.0.0.0/24. It's supposed to be used for link-local traffic. If you want to do stuff within your administrative area, 224.0.1.0/24 is commonly used. These are 'well-known' groups and are assigned by the IANA.

239.0.0.0/8 is the nearest thing to a multicast equivalent of private address space (RFC1918).

Unfortunately, AFAIK, there is no way to make the NS5GT bridge between the wireless and the ethernet. If there were, I'd be a very happy man 🙂 As it stands, I have to use a third party AP to bridge onto my home LAN and the NS5GT provides connectivity for my Nintendo Wii 🙂

Rgds,

Guy

Guy,

 

Are you saying that the Wii connects wirelessly to the 5GT, or to the 3rd party AP?  Are there any special configuration issues to consider when trying to get a Wii to connect to a 5GT?  The Wii sees the wireless, but will not connect.  Any BTDT's?

 

chico