interface that will be part of the area.
The OSPF Interface object needs the following parameters specified in its properties:
• Interface - the physical interface which will be part of the OSPF area.
• Network - the network on the interface that will be part of the area.
This does not need to be specified. If it is not, the network assigned to the physical interface
is used. For example, if lan is the interface then lannet will be the default network.
• Interface Type - this would normally be Auto so that the correct type is automatically selected.
• The advanced option No OSPF routers connected to this interface must be enabled if the
physical interface does not connect directly to another OSPF Router (in other words, to
another NetDefend Firewall that acts as an OSPF router). For example, the interface may only
be connected to a network of clients, in which case the option would be enabled.
The option must be disabled if the physical interface is connected to another firewall which is set
up as an OSPF Router. In this example, the physical interface connected to the other firewall
would have this option disabled.
4. Add a Dynamic Routing Rule
Finally, a Dynamic Routing Rule needs to be defined to deploy the OSPF network. This involves
two steps:
i. A Dynamic Routing Policy Rule object is added. This rule should be an Import rule that enables
the option From OSPF Process so that the previously defined OSPF Router Process object is
selected. This specifies that all routes from the OSPF AS are to be imported.
In addition, the optional Or is within filter parameter for the destination network must be set to
be all-nets. We could use a narrower filter for the destination network but in this case we want
all networks.
ii. Within the Dynamic Routing Policy Rule just added, we now add a Routing Action object. Here
we add the routing table into the Selected list which will receive the routing information from
OSPF.
In the typical case this will be the routing table called main.
There is no need to have a Dynamic Routing Policy Rule which exports the local routing table into
the AS since this is done automatically for OSPF Interface objects.
The exception to this is if a route involves a gateway (in other words, a router hop). In this case the
route MUST be explicitly exported. The most frequent case when this is necessary is for the all-nets
route to the external public Internet where the gateway is the ISP's router. Doing this is discussed in
the next step.
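
The import rule of step 4 and the explicit export of gateway routes can be checked mechanically. The following Python is an added example, not NetDefendOS code or CLI syntax: the dictionary layout, field names and addresses are constructed for illustration, and it assumes that Or is within matches a route when its destination network lies inside the filter network. It also shows the effect of a narrower export filter on the all-nets route.

```python
import ipaddress

ALL_NETS = "0.0.0.0/0"  # the all-nets address object

def within(dest, flt):
    """True if route destination dest lies inside filter network flt."""
    return ipaddress.ip_network(dest).subnet_of(ipaddress.ip_network(flt))

def audit(cfg):
    """Check a (hypothetical) config dict against the import and export rules."""
    findings, proc = [], cfg["ospf_process"]
    rules = cfg["dynamic_routing_rules"]
    # Import rule: From OSPF Process, filter all-nets, with a Routing
    # Action that names at least one receiving routing table.
    if not any(r["type"] == "import" and r.get("from_ospf_process") == proc
               and r["or_is_within"] == ALL_NETS and r.get("routing_action_tables")
               for r in rules):
        findings.append("no import rule brings all OSPF routes into a routing table")
    # Routes with a gateway are not exported automatically, so each one
    # needs an Export rule whose filter contains the route's destination.
    exports = [r for r in rules if r["type"] == "export"
               and r.get("export_to_process") == proc]
    for table, routes in cfg["routing_tables"].items():
        for route in routes:
            if route.get("gateway") and not any(
                    table in r.get("from_routing_tables", [])
                    and within(route["net"], r["or_is_within"]) for r in exports):
                findings.append(f"gateway route {route['net']} in {table} is not exported")
    return findings

def sample(export_filter):
    """Constructed sample: one connected route, one all-nets route via an ISP."""
    return {
        "ospf_process": "ospf_proc",
        "routing_tables": {"main": [
            {"net": "192.168.1.0/24", "gateway": None},
            {"net": ALL_NETS, "gateway": "203.0.113.1"}]},
        "dynamic_routing_rules": [
            {"type": "import", "from_ospf_process": "ospf_proc",
             "or_is_within": ALL_NETS, "routing_action_tables": ["main"]},
            {"type": "export", "from_routing_tables": ["main"],
             "or_is_within": export_filter, "export_to_process": "ospf_proc"}],
    }

if __name__ == "__main__":
    print(audit(sample(ALL_NETS)))      # export filter set to all-nets
    print(audit(sample("10.0.0.0/8")))  # narrower export filter
```
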
5. Add a Dynamic Routing Rule for all-nets
Optionally, a Dynamic Routing Rule needs to be defined if there is an all-nets route, for example if
the firewall is connected to an ISP. This involves the following steps:
i. A Dynamic Routing Policy Rule object is added. This rule should be an Export rule that enables
the option From Routing Table with the main routing table moved to the Selected list.
In addition, the optional Or is within filter parameter for the destination network must be set to
be all-nets.
ii. Within the Dynamic Routing Policy Rule just added, we now add an OSPF Action object. Here
set the Export to process option to be the OSPF Router Process which represents the OSPF
4.5.5. Setting Up OSPF Chapter 4. Routing