Strata Cloud Manager

1. Create an OSPFv3 interface authentication profile.

   1. Select ConfigurationNGFW and Prisma Access.
   2. Select DeviceRoutingProfilesOSPFv3.
   3. Add OSPFv3 Interface Auth profile.
   4. Enter a Name for the authentication profile (a maximum of 63 characters). The name must start with an alphanumeric character, underscore (_), or hyphen (-), and can contain a combination of alphanumeric characters, underscore, or hyphen. No dot (.) or space is allowed.
   5. Enter the SPI (Security Policy Index), which must match between both ends of the OSPFv3 adjacency.
   6. Select the Protocol: ESP (Encapsulating Security Payload) (recommended) or AH (Authentication Header).
   7. Select the Type of authentication:

      • sha1 (default) Secure Hash Algorithm 1
      • sha256
      • sha384
      • sha512
      • md5
      • none
   8. Enter the authentication Key using 5 hexadecimal sections of 8 hexadecimal characters for a total of 40 hexadecimal characters (for example, A5DEC4DD155A695A8B983AACEAA5A97C6AECB6D1).
   9. Confirm Key by entering the same key.
   10. (ESP only) Select the encryption Type:

       • 3des (default)
       • aes-128-cbc
       • aes-192-cbc
       • aes-256-cbc
       • md5
       • null
   11. Enter the encryption Key in hexadecimal format; use the correct number of sections based on the type of ESP encryption:

       • 3des—Use a total of 6 hexadecimal sections in the key.
       • aes-128-cbc—Use a total of 4 hexadecimal sections in the key.
       • aes-192-cbc—Use a total of 6 hexadecimal sections in the key.
       • aes-256-cbc—Use a total of 8 hexadecimal sections in the key.
   12. Confirm Key by entering the same key.
   13. Save the profile.
2. Create an OSPFv3 interface redistribution profile to specify any combination of IPv6 static routes, connected routes, IPv6 BGP routes, and default IPv6 route to redistribute to OSPFv3.

   1. Select ConfigurationNGFW and Prisma Access.
   2. Select Device SettingsRoutingProfilesOSPFv3.
   3. Add OSPFv3 Redistribution profile.
   4. Enter a Name (maximum of 63 characters) for the profile. The name must start with an alphanumeric character, underscore (_), or hyphen (-), and can contain a combination of alphanumeric characters, underscore, or hyphen. No dot (.) or space is allowed.
   5. Select IPv6 Static to allow configuration of this portion of the profile.

      • Enable the IPv6 static redistribution portion of the profile.
      • Enter a Metric to apply to the IPv6 static routes redistributed to OSPFv3; range is 1 to 65,535.
      • Select a Metric Type: Type 1 or Type 2.
      • Select a Route-Map or create a New Route Map whose Match criteria control the IPv6 static routes to redistribute into OSPFv3. Default is None. If the route map Set configuration includes a Metric Action and Metric Value, they are applied to the redistributed route. Otherwise, the Metric configured on this redistribution profile is applied to the redistributed route. Likewise, the Metric Type in the route map Set configuration takes precedence over the Metric Type configured in this redistribution profile.
   6. Select Connected to allow configuration of this portion of the profile.

      • Enable the connected route redistribution portion of the profile.
      • Enter a Metric to apply to the connected routes redistributed to OSPFv3; range is 1 to 65,535.
      • Select a Metric Type: Type 1 or Type 2.
      • Select a Route-Map or create a New Route Map whose Match criteria control the connected routes to redistribute into OSPFv3. Default is None. If the route map Set configuration includes a Metric Action and Metric Value, they are applied to the redistributed route. Otherwise, the Metric configured on this redistribution profile is applied to the redistributed route. Likewise, the Metric Type in the route map Set configuration takes precedence over the Metric Type configured in this redistribution profile.
   7. Select BGP AFI IPv6 to allow configuration of this portion of the profile.

      • Enable the BGP AFI IPv6 route redistribution portion of the profile.
      • Enter a Metric to apply to the IPv6 BGP routes redistributed to OSPFv3; range is 0 to 4,294,967,295.
      • Select a Metric Type: Type 1 or Type 2.
      • Select a Route-Map or create a New Route Map whose Match criteria control the IPv6 BGP routes to redistribute into OSPFv3. Default is None. If the route map Set configuration includes a Metric Action and Metric Value, they are applied to the redistributed route. Otherwise, the Metric configured on this redistribution profile is applied to the redistributed route. Likewise, the Metric Type in the route map Set configuration takes precedence over the Metric Type configured in this redistribution profile.
   8. Select IPv6 Default Route to allow configuration of this portion of the profile.

      • Select Always to always create and redistribute the default route to OSPFv3, even if there is no default route on the router; default is enabled. If Always is not set, when there is no default route on the ABR, the default route is not redistributed.
      • Enable the IPv6 Default Route redistribution portion the profile.
      • Enter a Metric to apply to the IPv6 default route redistributed to OSPFv3; range is 0 to 4,294,967,295.
      • Select a Metric Type: Type 1 or Type 2.
   9. Save the profile.