Enable OSPFv2 on the Firewall, Firewall Cluster, or Virtual Firewall

You must enable OSPFv2 for the Firewall, Firewall Cluster, or Virtual Firewall in the Engine Editor.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an engine, then select Edit <element type>.
  3. In the navigation pane on the left, browse to Routing > Dynamic Routing.
  4. In the OSPFv2 section, select Enabled.
  5. (Optional) Enter the Router ID in the Router ID field.
  6. If you do not want to use the default OSPFv2 Profile, select another OSPFv2 Profile element from the OSPFv2 Profile drop-down list.
  7. (Optional) To add a network to the antispoofing configuration, click Add next to the Additional Networks to Automatically Add to Antispoofing table.
    You can add hosts, networks, or groups that contain both hosts and networks.
  8. Click Save.

Next steps

You are now ready to add an OSPFv2 Area element to the engine on the Routing branch.

Engine Editor > Routing > Dynamic Routing

Use this branch to configure dynamic routing for the engine. Dynamic routing enables firewalls to automatically change their routing when the network topology changes.

Option Definition
BGP section
Enabled When selected, the BGP protocol for dynamic routing is enabled.
Router ID Enter an ID for the Firewall. The ID must be unique. Often, the global IPv4 address is the ID. By default, the Router ID is automatically the loopback CVI address or the highest CVI address available on the Firewall Cluster.
BGP Profile Select the BGP Profile to use. The element contains distance, redistribution, and aggregation settings.
Autonomous System Select the Autonomous System (AS) to use. An AS represents a whole network or a series of networks.
Announced Networks table You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.
Option Definition
OSPFv2 section
Enabled When selected, the OSPFv2 protocol for dynamic routing is enabled.
Router ID Enter an ID for the Firewall.
OSPFv2 Profile Select the OSPFv2 Profile to use. The element contains distance, redistribution, and aggregation settings.
Additional Networks to Automatically Add to Antispoofing Elements that you add are automatically added under all interfaces (that have dynamic routing elements configured) on the Antispoofing branch in the Engine Editor. You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.
Option Definition
Equal Cost Multi Path Count

(Optional, BGP only)

Enter the number of paths in the operating system routing table that have an equal routing priority for multi-path routing.
Additional Networks to Automatically Add to Antispoofing

(Optional, all protocols)

Elements that you add are automatically added under all interfaces (that have dynamic routing elements configured) on the Antispoofing branch in the Engine Editor. You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.