Configure OSPF

Configure general virtual router settings.
Enable OSPF.
Select the
OSPF
tab.
Select
Enable
to enable the OSPF protocol.
Enter the
Router ID
.
Select
Reject Default Route
if you do not want to learn any default routes through OSPF. This is the recommended, default setting.
Clear
Reject Default Route
if you want to permit redistribution of default routes through OSPF.
Configure Areas - Type for the OSPF protocol.
On the
Areas
tab,
Add
an
Area ID
for the area in x.x.x.x format. This is the identifier that each neighbor must accept to be part of the same area.
On the
Type
tab, select one of the following from the area
Type
list:
Normal
—There are no restrictions; the area can carry all types of routes.
Stub
—There is no outlet from the area. To reach a destination outside of the area, it is necessary to go through the border, which connects to other areas. If you select this option, configure the following:
Accept Summary
—Link state advertisements (LSA) are accepted from other areas. If this option on a stub area Area Border Router (ABR) interface is disabled, the OSPF area will behave as a Totally Stubby Area (TSA) and the ABR will not propagate any summary LSAs.
Advertise Default Route
—Default route LSAs will be included in advertisements to the stub area along with a configured metric value in the configured range 1-255.
NSSA
(Not-So-Stubby Area)—The firewall can leave the area only by routes other than OSPF routes. If you select NSSA, select
Accept Summary
and
Advertise Default Route
as described for
Stub
. If you select this option, configure the following:
Type
—Select either
Ext 1
or
Ext 2
route type to advertise the default LSA.
Ext Ranges
—
Add
ranges of external routes that you want to
Advertise
or for which you want to
Suppress
advertising.
Click
OK
.
Configure Areas - Range for the OSPF protocol
On the
Range
tab,
Add
aggregate LSA destination addresses in the area into subnets.
Advertise
or
Suppress
advertising LSAs that match the subnet, and click
OK
. Repeat to add additional ranges.
Configure Areas - Interfaces for the OSPF protocol
On the
Interface
tab,
Add
the following information for each interface to be included in the area:
Interface
—Select an interface.
Enable
—Selecting this option causes the OSPF interface settings to take effect.
Passive
—Select if you do not want the OSPF interface to send or receive OSPF packets. Although OSPF packets are not sent or received if you choose this option, the interface is included in the LSA database.
Link type
—Choose
Broadcast
if you want all neighbors that are accessible through the interface to be discovered automatically by multicasting OSPF hello messages, such as an Ethernet interface. Choose
p2p
(point-to-point) to automatically discover the neighbor. Choose
p2mp
(point-to-multipoint) when neighbors must be defined manually and
Add
the neighbor IP addresses for all neighbors that are reachable through this interface.
Metric
—Enter an OSPF metric for this interface (range is 0-65,535; default is 10).
Priority
—Enter an OSPF priority for this interface. This is the priority for the router to be elected as a designated router (DR) or as a backup DR (BDR) (range is 0-255; default is 1). If zero is configured, the router will not be elected as a DR or BDR.
Auth Profile
—Select a previously-defined authentication profile.
Timing
—Modify the timing settings if desired (
not recommended
). For details on these settings, refer to the online help.
Click
OK
.
Configure Areas - Virtual Links.
On the
Virtual Link
tab,
Add
the following information for each virtual link to be included in the backbone area:
Name
—Enter a name for the virtual link.
Enable
—Select to enable the virtual link.
Neighbor ID
—Enter the router ID of the router (neighbor) on the other side of the virtual link.
Transit Area
—Enter the area ID of the transit area that physically contains the virtual link.
Timing
—It is recommended that you keep the default timing settings.
Auth Profile
—Select a previously-defined authentication profile.
Click
OK
to save virtual links.
Click
OK
to save area.
(
Optional
) Configure Auth Profiles.
By default, the firewall does not use OSPF authentication for the exchange between OSPF neighbors. Optionally, you can configure OSPF authentication between OSPF neighbors by either a simple password or using MD5 authentication. MD5 authentication is recommended; it is more secure than a simple password.
Simple Password OSPF authentication
Select the
Auth Profiles
tab and
Add
a name for the authentication profile to authenticate OSPF messages.
Select
Simple Password
as the
Password Type
.
Enter a simple password and then confirm.
MD5 OSPF authentication
Select the
Auth Profiles
tab and
Add
a name for the authentication profile to authenticate OSPF messages.
Select
MD5
as the
Password Type
and
Add
one or more password entries, including:
Key-ID (range is 0-255)
Key
Select the
Preferred
option to specify that the key be used to authenticate outgoing messages.
Click
OK
.
Configure Advanced OSPF options.
On the
Advanced
tab, select
RFC 1583 Compatibility
to ensure compatibility with RFC 1583.
Specify a value for the
SPF Calculation Delay (sec)
timer, which allows you to tune the delay time (in seconds) between receiving new topology information and performing an SPF calculation. Lower values enable faster OSPF re-convergence. Routers peering with the firewall should use the same delay value to optimize convergence times.
Specify a value for the
LSA Interval (sec)
timer, which is the minimum time between transmissions of two instances of the same LSA (same router, same type, same LSA ID). This is equivalent to MinLSInterval in RFC 2328. Lower values can be used to reduce re-convergence times when topology changes occur.
Click
OK
.
Commit
your changes.