Enable multicast routing
Configure global multicast for ultra-low latency policy signalling
Enable multicast routing
Threatmatic's policy signalling mechanism is underpinned by global multicast, enabling the control plane to push policy updates to thousands of endpoints simultaneously — with sub-50ms delivery in most cases.
Multicast routing is enabled by default for all organizations. This guide explains how to verify it is active and tune it for your environment.
How it works
Rather than unicast delivery (one message per endpoint), Threatmatic uses multicast groups to broadcast policy changes across all enrolled endpoints in a region simultaneously. This keeps signalling overhead minimal regardless of fleet size.
Steps
Verify multicast is active
- Go to Network → Multicast
- Confirm status shows Active for each of your active regions
Review region coverage
Each Threatmatic region maintains its own multicast group. Endpoints automatically join the group for their nearest region.
To see which region each endpoint is assigned to:
- Go to Devices
- Check the Region column
Configure failover behavior
If a regional multicast group becomes unreachable, Threatmatic falls back to unicast delivery automatically. To review or adjust failover settings:
- Go to Network → Multicast → Failover
- Set your preferred Failover Mode:
Auto(default) orManual - Set the Failover Timeout — how long to wait before switching (default:
5s)
In Auto mode, failover is transparent to endpoints. Policy enforcement
continues uninterrupted.
Test delivery latency
- Go to Network → Multicast → Diagnostics
- Click Run Latency Test
- Review the per-region delivery times — target is under 50ms
Next steps
How is this guide?
Last updated on