D-Link DFL-860 Product Manual - Page 189
No OSPF routers connected to this interface, From OSPF Process, Or is within, all-nets
UPC - 790069900204
View all D-Link DFL-860 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 189 highlights
4.5.5. Setting Up OSPF Chapter 4. Routing • The advanced option No OSPF routers connected to this interface must be enabled if the physical interface doesn't connect directly to another OSPF Router (in other words, with another NetDefend Firewall that acts as an OSPF router). For example, the interface may only be connected to a network of clients, in which case the option would be enabled. The option must be disabled if the physical interface is connected to another firewall which is set up as an OSPF Router. In this example, the physical interface connected to the other firewall would have this option disabled. 4. Add a Dynamic Routing Rule Finally, a Dynamic Routing Rule needs to be defined to deploy the OSPF network. This involves two steps: i. A Dynamic Routing Policy Rule object is added. This rule should be an Import rule that enables the option From OSPF Process so that the previously defined OSPF Router Process object is selected. What we are doing is saying that we want to import all routes from the OSPF AS. In addition, the optional Or is within filter parameter for the destination network must be set to be all-nets. We could use a narrower filter for the destination network but in this case we want all networks. ii. Within the Dynamic Routing Policy Rule just added, we now add a Routing Action object. Here we add the routing table into the Selected list which will receive the routing information from OSPF. In the typical case this will be the routing table called main. There is no need to have a Dynamic Routing Policy Rule which exports the local routing table into the AS since this is done automatically for OSPF Interface objects. The exception to this is if a route involves a gateway (in other words, a router hop). In this case the route MUST be explicitly exported. The most frequent case when this is necessary is for the all-nets route to the external public Internet where the gateway is the ISP's router. Doing this is discussed in the next step. 5. Add a Dynamic Routing Rule for all-nets Optionally, a Dynamic Routing Rule needs to be defined if there is an all-nets route. For example, if the firewall is connected to an ISP. This involves the following steps i. A Dynamic Routing Policy Rule object is added. This rule should be an Export rule that enables the option From Routing Table with the main routing table moved to the Selected list. In addition, the optional Or is within filter parameter for the destination network must be set to be all-nets. ii. Within the Dynamic Routing Policy Rule just added, we now add an OSPF Action object. Here set the Export to process option to be the OSPF Router Process which represents the OSPF AS. 6. Repeat these steps on the other firewall Now repeat steps 1 to 5 for the other NetDefend Firewall that will be part of the OSPF AS and area. The OSPF Router and OSPF Area objects will be identical on each. The OSPF Interface objects will be different depending on which interfaces and networks will be included in the OSPF system. If more than two firewalls will be part of the same OSPF area then all of them should be configured similarly. 189