
Filtering networks between OSPF Areas

Hello Mates 🙂


I'm testing an OSPF configuration in a CheckPoint Firewall cluster with 2 different routers.

I'm not able to avoid announcing all networks from Area 0 (the ones directly connected to the Firewall but also the ones learned by OSPF in Backbone Area "0") to Area 1.


I attached a simple network diagram for better understanding.



My Configuration:

  • FW has only 1 instance (default);
  • Both Areas in FW are Normal Type;
  • FW has all interfaces except Transit 2 in Area 0 (Backbone);
  • FW has Transit 2 interface in Area 1;
  • Net20, Net 21 and Net 22 are in passive mode;
  • FW config is restricting Net 30 and Net31 from being advertised from Area 1 to Area 0;

My Goal:

  • Only advertise Net22 from Area 0 to Area 1 (Only see Net22 in Router_2 routing table from OSPF);

My failed attempts:

  • Restrict all networks except Net 22 in FW Area 1 config;
  • Add all networks except Net 22 in address range in Area 0 config;


My understanding: Open to clarifications 🙂

  • Restrictions and Ranges inside Area configuration are always into Area Backbone. (At least from the R80.30 Advanced Routing Admin Guide);
  • Is my only option to create a different Instance and use redistribution between OSPF instances?


Thanks in advance for your help!

Bruno Petrónio


Accepted Solutions

Just for the sake of sharing, I ended up creating a different instance with Area 1 and then redistributing what I needed.


Hi Bruno.


Thank you for your detailed post.


Have you configured the ospf areas in cli?


Sometimes I find configuring OSPF is better in CLI.

This way, you can set the redistribution options for OSPF areas and also apply restrictions to areas.


A copy of your OSPF configuration may be handy here, blanking out any IP addresses if you so wish.


Please get this by running 'show configuration' on the firewall CLI.


Hi Jack,

I've done the config in GUI, but re-done in clish 🙂

I was thinking redistributing was about different protocols and not inside the same protocol (in same instance). 


The ospf output config as the show route output 


The router outputs:


Thanks in advance!


Hi Bruno,


To advertise the routes to the different area, you need to do a 'set ospf area xxxx range on'

Then, as you have done above, to restrict routes, you need to do a 'set ospf area xxx range restrict on'


Let me know how you get on 🙂 


Hi Jack,


Without doing the "set ospf instance default area 0 range on", I'm still getting in Router_2 all the networks belonging to Router_1 and all networks defined in the Firewall as belonging to Area 0.

I gave it a try, and even if I allow the range and then restrict the, (in area 0 configuration) I still see both ( and in my Router_2 learned by OSPF.


What I could see as different was when I did the same for, without restricting any, I got a summarized route instead of 3 individual.

Restrictions still don't restrict from Area 0 to Area 1.

In the Admin guide they always mention adding and restricting networks from other areas to Backbone... I'm wondering if this is a limitation?!




One thing I would like to do is:
Ensure the Checkpoint is advertising only a default route into an OSPF area (NSSA), but learns other routes in that area. Would the above achieve this?

So on the switch the only route it should pick up is a default route via the Checkpoint.
On the Checkpoint learn any connected routes and advertised routes from the switch.
