Hello Mates 🙂
I'm testing an OSPF configuration in a CheckPoint Firewall cluster with 2 different routers.
I'm not able to avoid announcing all networks from Area 0 (the ones directly connected to the Firewall but also the ones learned by OSPF in Backbone Area "0") to Area 1.
I attached a simple network diagram for better understanding.
My Configuration:
- FW has only 1 instance (default);
- Both Areas in FW are Normal Type;
- FW has all interfaces except Transit 2 in Area 0 (Backbone);
- FW has Transit 2 interface in Area 1;
- Net20, Net 21 and Net 22 are in passive mode;
- FW config is restricting Net 30 and Net31 from being advertised from Area 1 to Area 0;
My Goal:
- Only advertise Net22 from Area 0 to Area 1 (Only see Net22 in Router_2 routing table from OSPF);
My failed attempts:
- Restrict all networks except Net 22 in FW Area 1 config;
- Add all networks except Net 22 in address range in Area 0 config;
My understanding: Open to clarifications 🙂
- Restrictions and Ranges inside the Area configuration are always into Area Backbone. (At least from the R80.30 Advanced Routing Admin Guide);
- Is my only option to create a different Instance and use redistribution between OSPF instances?
Thanks in advance for your help!
Bruno Petrónio