You can configure your XTM device to support limited broadcast routing through a Branch Office VPN (BOVPN) tunnel. When you enable broadcast routing, the tunnel supports broadcasts to the limited broadcast IP address, 255.255.255.255. Local subnet broadcast traffic is not routed through the tunnel. Broadcast routing supports broadcast only from one network to another through a BOVPN tunnel.
Broadcast routing through a BOVPN tunnel is supported only between XTM devices, and is not supported across a BOVPN virtual interface.
Broadcast routing through a BOVPN tunnel does not support these broadcast types:
For an example that shows which broadcasts can be routed through a BOVPN tunnel, see Broadcast Routing Through a BOVPN Tunnel.
Some software applications require the ability to broadcast to other network devices in order to operate. If devices that need to communicate this way are on networks connected by a BOVPN tunnel, you can enable broadcast routing through the tunnel so the application can find the devices on the network at the other end of the tunnel.
When you enable multicast or broadcast routing through a BOVPN tunnel, the XTM device creates a GRE tunnel inside the IPSec VPN tunnel between the networks. The XTM device sends the broadcast or multicast traffic through the GRE tunnel. The GRE tunnel requires an unused IP address on each side of the tunnel, so you must configure helper IP addresses for each end of the BOVPN tunnel.
We recommend that you select helper IP addresses in a private network IP address range that is not used by any local network or by any remote network connected through a VPN. This ensures that the addresses do not conflict with any other device. The private network ranges are:
If you enable broadcast or multicast routing in more than one branch office VPN tunnel, make sure that you use a different pair of helper IP addresses for each tunnel.
If you enable broadcast or multicast routing for a FireCluster, make sure that the helper IP addresses do not conflict with the cluster interface IP addresses or the cluster management IP addresses.
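The helper IP address rules above can be checked before you configure the tunnels. The following script is an added example, not part of the WatchGuard documentation or product: the function name, tunnel names and sample addresses are made up, and the private ranges are the standard RFC 1918 values. It treats any helper address reused across tunnels as a conflict, which is a stricter reading of "a different pair".

```python
import ipaddress

# RFC 1918 private ranges (standard values, not copied from the page).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_helper_ips(tunnels, networks_in_use, cluster_ips=()):
    """Return a list of problems found in a helper IP plan.

    tunnels: {tunnel name: (local helper IP, remote helper IP)}
    networks_in_use: CIDR strings for every local network and every
        remote network reachable through a VPN
    cluster_ips: FireCluster interface and management IP addresses
    """
    used_nets = [ipaddress.ip_network(n) for n in networks_in_use]
    reserved = {ipaddress.ip_address(a) for a in cluster_ips}
    seen = {}  # helper IP -> first tunnel that used it
    problems = []
    for name, pair in tunnels.items():
        helpers = [ipaddress.ip_address(a) for a in pair]
        if helpers[0] == helpers[1]:
            problems.append(f"{name}: both ends use {helpers[0]}")
        for ip in helpers:
            if not any(ip in r for r in PRIVATE_RANGES):
                problems.append(f"{name}: {ip} is not in a private range")
            for net in used_nets:
                if ip in net:
                    problems.append(f"{name}: {ip} is inside in-use network {net}")
            if ip in reserved:
                problems.append(f"{name}: {ip} conflicts with a FireCluster address")
            if ip in seen and seen[ip] != name:
                problems.append(f"{name}: {ip} already used by {seen[ip]}")
            seen.setdefault(ip, name)
    return problems


# Constructed sample plan; tunnel names and addresses are made up.
SAMPLE_TUNNELS = {
    "hq-to-branch1": ("10.255.255.1", "10.255.255.2"),
    "hq-to-branch2": ("10.255.255.1", "192.168.50.9"),
}
SAMPLE_NETWORKS = ["192.168.1.0/24", "192.168.50.0/24", "10.0.1.0/24"]
SAMPLE_CLUSTER = ["10.255.255.2"]

if __name__ == "__main__":
    for line in check_helper_ips(SAMPLE_TUNNELS, SAMPLE_NETWORKS, SAMPLE_CLUSTER):
        print(line)
```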
Make Tunnels Between Gateway Endpoints
Add Routes for a Tunnel