You are here
SEC0301 - PAN 9.0 Routing - OSPF (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video walks you through different configuration scenarios of OSPF routing on Palo Alto firewall. We will first bring up OSPF adjacency between the firewall and neighboring routing devices. We will then make our way through OSPF available features including Virtual Link, route summarization, suppression, export rule and authentication. Different OSPF area types will be looked at throughout the lab.
Part 1 of this video covers OSPF neighbor adjacency, and virtual link
Topic:
- OSPF Neighbor Adjacency
-
OSPF Area
- Normal
- Stub
- Totally Stubby
- Not-So-Stubby
- Totally Not-So-Stubby
- Virtual Link
- Route Summarization
- Route Suppression
- Export Rule
- OSPF Authentication
3 comments
Route Advertisement
Hi Metha,
Great Stuff!! I've a query on the network command/route advertisement configured on the switch/router. I'm aware that network commands, advertise the networks that fall within this range in OSPF and activate OSPF on the interface(s) that fall within this range. But you've configured 172.16.12.2 0.0.0.0 (and not 0.0.0.255) which is the equivalent to 172.16.32.2/32 but firewall is learning it as 172.16.32.0/24 which seems to be a different behavior. Can you please clarify on this..? Thanks
Route Advertisement
172.16.12.2 is an IP on HQ-R2 in DMZ which has nothing to do with 172.16.32.0/24 that is advertised from the inside SW1. 172.16.12.2 0.0.0.0 is a way to enable OSPF on HQ-R2 interface. It matches that very specific interface and not just any IP on 172.16.12.0/24 subnet.
Hi Metha
Hi Metha
First of all, I wanna take this opportunity to thank you for helping networking community with the great video series and it's helping immensely everyone.
Apologies for the typo I entered.
In LM-HQ-R2, you've entered 172.16.13.1 0.0.0.0 area 12 (Loopback 100) which is equivalent to 172.16.13.1/32 but LM-HQ-SW1 is learning it as 172.16.13.0/24 via OSPF IA route. I guess, LM core switch should be learning it as /32 and not /24 as bits are set to 0.0.0.0 and not 0.0.0.255. Can you please brief?