Network > Routing > Logical Routers > OSPF
Table of Contents
11.1
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Network > Routing > Logical Routers > OSPF
Description of OSPF fields for a logical router on an
Advanced Routing Engine.
The table describes the settings to configure OSPFv2 areas
for a logical router on an Advanced Routing Engine.
OSPF Settings | Description |
---|---|
Enable | Enable OSPF for the logical router. |
Router ID | Enter a router ID in the format of an IPv4 address. |
BFD Profile | If you want to apply Bidirectional Forwarding Detection
to OSPF, select a BFD profile or create a new one. Default is None
(Disable BFD). |
Global General Timer | Select a Global Timer profile or create
a new one to apply to OSPF. |
Global Interface Timer | Select an OSPF Interface Timer or create
a new one to apply to OSPF. |
Redistribution Profile | Select an OSPF Redistribution profile or
create a new one to redistribute IPv4 static routes, connected routes,
IPv4 BGP routes, or the IPv4 default route to the OSPF link-state
database. |
Area | |
Area ID | Add an area identified by its Area ID in
x.x.x.x format. This is the identifier that each neighbor must accept
to be part of the same area. |
Type | |
Authentication | Select an Authentication profile or create
a new one. |
Type | Select the type of OSPF area:
|
no-summary | (Stub and NSSA areas only) Select
to prevent the area from receiving Type 3 Summary LSAs and thereby
reduce traffic in the area. |
Default information originate | (NSSA areas only) Select to cause
OSPF to originate a default route. |
Metric | (NSSA areas only) Enter a metric
for the default route; range is 1 to 16,777,214; default is 10. |
Metric-type | (NSSA areas only) Type 1 or Type
2 |
ABR | Select if the logical router is an Area
Border Router, which allows the next four fields to be configured. |
Import-list | Select an access list or create a new one
to filter network routes coming into the area based on IPv4 source
address. |
Export-list | Select an access list or create a new one
to filter network routes that originated in the area, to allow or prevent
the routes from being advertised to other areas. |
Inbound Filter-List | Select a prefix list or create a new one
to filter network prefixes coming into the area. |
Outbound Filter-List | Select a prefix list or create a new one
to filter network prefixes that originated in the area, to prevent the
routes from being advertised to other areas. |
IPv4 Prefix | (NSSA areas only) If ABR is
selected and area type is NSSA, Add an
IPv4 prefix to summarize a group of external subnets into a single Type-7
LSA, which is then translated to a Type-5 LSA and advertised to
the backbone when you select Advertise. |
Range | |
IP Address/Netmask | Add an IP Address/Netmask. A Type-3 Summary LSA
(link-state advertisement) with routing information matching this
range is announced into the backbone area if the area contains at
least one intra-area network (that is, described with router or
network LSA) from this range). |
Substitute | Enter a substitute IPaddress/netmask so
that a Type-3 Summary LSA with this IP address/netmask is announced
into the backbone if the area contains at least one intra-area network
from the IP Address/netmask specified. |
Advertise | Select to send LSAs that match the subnet. |
Interface | |
Interface | Add each interface to be included in the
area. |
Enable | Enable the interface. |
MTU Ignore | Select to ignore maximum transmission unit
(MTU) mismatches when trying to establish an adjacency (default
is disabled; MTU match checking occurs). RFC 2328 defines the interface
MTU as “The size in bytes of the largest IP datagram that can be
sent out the associated interface, without fragmentation.” |
Passive | Select to prevent the interface from sending
or receiving OSPF packets; however, the interface is still included
in the link-state database. You can make an interface passive, for
example, if it connects to a switch, because you don’t want to send
Hello packets where there is no router. |
Link Type | Select the link type:
|
Priority | Enter the priority for the interface; the
priority for the router to be elected as a designated router (DR)
or backup DR (BDR); range is 0 to 255; default is 1. If zero is
configured, the router will not be elected as DR or BDR. |
Timer Profile | Select a Timer Profile or create a new one
to apply to the interface. This profile overrides the Global Interface
Timer profile applied to OSPF. |
Authentication | Select an Authentication Profile or create
a new one to apply to the interface. This profile overrides the Authentication
profile applied on the Type tab. |
BFD Profile | Select a BFD Profile or Inherit-vr-global-setting (default)
or create a new BFD profile or select None (Disable BFD).
This profile overrides the profile configured for OSPF. |
Cost | Specify a cost for the interface; range
is 1 to 65,535; default is 10. |
Virtual Link | |
Name | Enter a name for the virtual link. |
Enable | Enable the virtual link. |
Area | |
Router ID | |
Timer Profile | Select a Timer Profile or create a new one
to apply to the virtual link. This profile overrides the Global Interface
Timer profile applied to OSPF. |
Authentication | Select an Authentication Profile or create
a new one to apply to the virtual link. This profile overrides the Authentication
profile applied on the Type tab. |
Advanced | |
rfc-1583 compatibility | Select to enforce compatibility with RFC
1583, which allows one best route to an autonomous system boundary
router (ASBR) in the OSPF routing table. Default is disabled, which
means the OSPF routing table can maintain multiple intra-AS paths
in the routing table, thereby preventing routing loops. |
Graceful Restart—Enable Graceful Restart | Enable Graceful Restart for the logical
router; default is enabled. |
Enable Helper Mode | Enable Graceful Restart Helper Mode for
the logical router; default is enabled. |
Enable Strict LSA Checking | Enable Strict LSA Checking to cause the
helper router to stop performing helper mode and causes the graceful
restart process to stop if a link-state advertisement indicates
a network topology change; default is enabled. |
Grace Period (sec) | Specify the number of seconds within which
the logical router will perform a graceful restart if the firewall goes
down or becomes unavailable. Range is 5 to 1,800; default is 120. |
Max Neighbor Restart Time (sec) | Range is 5 to 1,800; default is 140. |