This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
brk_01
Explorer
‎2023-08-09 08:05 AM

OSPF routes showing up as hidden

 

I have an ospf area created between pairs of cisco 6807s, cisco 9500s and checkpoint 28000s (r81.10 JHF 66)

((cisco 6807 <-->  (eth3-04) CP28000 (eth3-01)  <--> cisco 9500))

PTP connections between the cisco devices and the Firewalls.

I have a vlan(s) hosted on the 6807s, advertised through OSPF, and other vlan(s) on the 9500s.  These vlans are configured the same on the cisco boxes (obviously different subnets).

On the firewall, I see the 6807 vlan(s) and they work, but the vlan(s) from the 9500s are showing up as Hidden / Inactive (although I do see them in the route table on the 6807s).

on the fw:

>show route ospf all

O x.x.0.0/28 via y.y.0.73, eth3-04, cost 1001, age 34609, instance default       (6807 hosted)
O x.x.0.16/28 via y.y.0.73, eth3-04, cost 1001, age 34609, instance default     (6807 hosted)
O H i x.x.0.32/28 is an unusable route           (9500 hosted)
O H i x.x.0.48/28 is an unusable route           (9500 hosted)
O H i x.x.64/28 is an unusable route              (9500 hosted)
O H i y.y.0.72/31 is an unusable route           (9500 hosted)
O H i y.y.0.74/31 is an unusable route           (9500 hosted)

>show ospf interfaces

Name IP Address Area ID State NC DR Interface BDR Interface Errors
eth3-04  y.y.0.72 0.0.0.60 P2P 1 N/A N/A 1
eth3-01  y.y.0.75 0.0.0.60 P2P 1 N/A N/A 0

 

on the 6807s

#show ip route

O x.x.0.32/28 [110/1101] via y.y.0.72, 09:45:30, TenGigabitEthernet7/15
O x.x.0.48/28 [110/1101] via y.y.0.72, 09:45:30, TenGigabitEthernet7/15
O x.x.0.64/28 [110/1101] via y.y.0.72, 09:45:30, TenGigabitEthernet7/15

 

on the 9500s

#show ip route

O x.x.0.0/28 [110/1101] via y.y.0.75, 09:45:05, TenGigabitEthernet2/1/2
O x.x.0.16/28 [110/1101] via y.y.0.75, 09:45:05, TenGigabitEthernet2/1/2

 

I have involved TAC, but no resolution as of yet.

Any ideas i can look at?

Labels
0 Kudos
2 Replies
the_rock
Legend
Legend
‎2023-08-09 08:12 AM

We had exact same issue with the client last year. I will look at the notes and see how we fixed it. Also had TAC case for it, but it was 2 months and no luck, so we had to figure it out ourselves : - )

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 09:44 AM

Just had quick chat with a colleague and he said that one would need to import route map to add them to the global routing table, which is what we did for the customer.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top