https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200015#M2344 <P>Including every interface in the OSPF process is not redistribution. I believe you have added them as passive so far. Probably we haven't enforced this limitation before, not 100% sure.</P> <P>If you want to redistribute your connected routes there are two options:</P> <P>1. Use redistribution</P> <P>2. Use route-maps</P> <P>Routemaps allow you to be more flexible allowing modification of the routes.</P> <P>Benefit of including the interfaces in OSPF process itself is that they will appear as internal OSPF routes (Type 1 LSA), show route shows them with O.</P> <P>If you redistribute them, they are automatically external routes (O E1 or O E2). This can become an issue only if you have the same routes coming from different sources. In this case the internal routes are prioritized over the external ones. However, you can change this designation with a routemap.</P> Thu, 07 Dec 2023 21:22:13 GMT Lari_Luoma 2023-12-07T21:22:13Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/199829#M2337 <P>We migrate a ClusterXL to Maestro with VSX R81.20. We have a lot of interfaces and most of them are doing OSPF. Now we are getting a limitation, after adding 128. OSPF interface:</P> <P>"Can only configure a maximum of 127 OSPF interfaces"</P> <P>Will this be a limitation of VSX or Maestro ?</P> <P>Any solution for this ?</P> Wed, 06 Dec 2023 07:53:43 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/199829#M2337 Wolfgang 2023-12-06T07:53:43Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/199832#M2338 <P>Best to open a TAC request to get an official answer.</P> Wed, 06 Dec 2023 08:24:02 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/199832#M2338 _Val_ 2023-12-06T08:24:02Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200002#M2342 <P>This limitation is based on best practices that you shouldn't have more than 60 OSPF neighbors per router. Thus the number of OSPF interfaces per SGW/VS is 127 I talked this with R&amp;D and they also confirmed the same.<BR /><BR />See the article from Cisco below.<BR /><A href="https://www.ciscopress.com/articles/article.asp?p=1763921&amp;seqNum=6#:~:text=Number%20of%20adjacent%20neighbors%20for,no%20more%20than%2060%20neighbors." target="_blank">Designing Scalable OSPF Design &gt; Designing Cisco Network Service Architectures (ARCH): Developing an Optimum Design for Layer 3 (CCDP) | Cisco Press</A><BR /><BR />If you need more interfaces, you should segment your network.<BR /><BR /></P> Thu, 07 Dec 2023 17:53:17 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200002#M2342 Lari_Luoma 2023-12-07T17:53:17Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200013#M2343 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1967">@Lari_Luoma</a>&nbsp;</P> <P>maybe I don‘t understand this. We have only two OSPF neighbours (these are external routers) and we have a gateway with 180 interfaces. We want to distribute via OSPF the routing information for the networks of these interfaces. We are doing this since 10 years with a Check Point Gateway without problems. The production system running R80.30 has no problem with all these interfaces.</P> Thu, 07 Dec 2023 21:01:05 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200013#M2343 Wolfgang 2023-12-07T21:01:05Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200015#M2344 <P>Including every interface in the OSPF process is not redistribution. I believe you have added them as passive so far. Probably we haven't enforced this limitation before, not 100% sure.</P> <P>If you want to redistribute your connected routes there are two options:</P> <P>1. Use redistribution</P> <P>2. Use route-maps</P> <P>Routemaps allow you to be more flexible allowing modification of the routes.</P> <P>Benefit of including the interfaces in OSPF process itself is that they will appear as internal OSPF routes (Type 1 LSA), show route shows them with O.</P> <P>If you redistribute them, they are automatically external routes (O E1 or O E2). This can become an issue only if you have the same routes coming from different sources. In this case the internal routes are prioritized over the external ones. However, you can change this designation with a routemap.</P> Thu, 07 Dec 2023 21:22:13 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/max-interfaces-OSPF/m-p/200015#M2344 Lari_Luoma 2023-12-07T21:22:13Z