View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0301 - PAN 9.0 Routing - OSPF (Part 1)

SEC0301 - PAN 9.0 Routing - OSPF (Part 1)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
Video Download: 
Title: SEC0301 - Video Download $14.00
Purchase SEC0301 - Video Download $14.00

The video walks you through different configuration scenarios of OSPF routing on Palo Alto firewall. We will first bring up OSPF adjacency between the firewall and neighboring routing devices. We will then make our way through OSPF available features including Virtual Link, route summarization, suppression, export rule and authentication. Different OSPF area types will be looked at throughout the lab.

Part 1 of this video covers OSPF neighbor adjacency, and virtual link

Topic:

  • OSPF Neighbor Adjacency
  • OSPF Area
    • Normal
    • Stub
    • Totally Stubby
    • Not-So-Stubby
    • Totally Not-So-Stubby
  • Virtual Link
  • Route Summarization
  • Route Suppression
  • Export Rule
  • OSPF Authentication
Tag: 
pan
pan 9.0
firewall
ngfw
ospf
stub
nssa
virtual link
summarization
authentication

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

3 comments

Submitted by Srinivasan on Thu, 08/03/2023 - 05:44

Hi Metha,

Great Stuff!! I've a query on the network command/route advertisement configured on the switch/router. I'm aware that network commands, advertise the networks that fall within this range in OSPF and activate OSPF on the interface(s) that fall within this range. But you've configured 172.16.12.2 0.0.0.0 (and not 0.0.0.255) which is the equivalent to 172.16.32.2/32 but firewall is learning it as 172.16.32.0/24 which seems to be a different behavior. Can you please clarify on this..? Thanks

Submitted by admin on Thu, 08/03/2023 - 20:59

172.16.12.2 is an IP on HQ-R2 in DMZ which has nothing to do with 172.16.32.0/24 that is advertised from the inside SW1. 172.16.12.2 0.0.0.0 is a way to enable OSPF on HQ-R2 interface. It matches that very specific interface and not just any IP on 172.16.12.0/24 subnet.

Submitted by Srinivasan on Thu, 08/03/2023 - 22:33

Hi Metha
First of all, I wanna take this opportunity to thank you for helping networking community with the great video series and it's helping immensely everyone.
Apologies for the typo I entered.
In LM-HQ-R2, you've entered 172.16.13.1 0.0.0.0 area 12 (Loopback 100) which is equivalent to 172.16.13.1/32 but LM-HQ-SW1 is learning it as 172.16.13.0/24 via OSPF IA route. I guess, LM core switch should be learning it as /32 and not /24 as bits are set to 0.0.0.0 and not 0.0.0.255. Can you please brief?