This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Paul_Warnagiris
Advisor
‎2025-01-03 08:15 AM

Separate OSPF routing instance

Good Morning, I'm trying to set up a separate routing instance on a 9100.  I am running OSPF and BGP for poor-man's redundancy.  It works fine.  Now I need to connect to the same switch on another VNF for DMZ routing.  The problem I am having is area zero.  I need two separate area zeros so I assume I need to set up a different VNF (for lack of better terms) on the Check Point.  I see references to this being able to be done and how to share routes between the two, but for the life of me I can't find instructions on how to do it.  As anyone ever done this or can you point me in the right direction?  Thanks in advance.

7 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-01-03 08:34 AM

Let me see if I can try this in the lab.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-01-03 08:51 AM

I cant really seem to be able to add another area 0, as default one would be exactly that. Even in the guide, does not appear there is option to do so.

Andy

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Gaia_Advanced_Routing_AdminG...

Best,
Andy
0 Kudos
Paul_Warnagiris
Advisor
‎2025-01-03 08:57 AM
In response to the_rock

Agree.  So what the heck to you think this is referring to? 

***snip***

Multiple OSPF Instances let you separate OSPF into multiple OSPF domains........Separate OSPF Instances do not share link state with one another, and will not pass routes among themselves unless explicitly configured to do so using either Route Redistribution or Routemaps.

***/snip***

Form this link:

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-01-03 09:00 AM
In response to Paul_Warnagiris

Right, BUT, wording is the key...SEPARATE ospf instances, but NOT with same area number (does not state that specifically in the link, but even if you try to add it, thats what it complains about, ie 2 areas zero)

Andy

Best,
Andy
0 Kudos
Paul_Warnagiris
Advisor
‎2025-01-03 09:06 AM
In response to the_rock

OK.  I don't claim to be a routing guru, but I did stay at a Holiday Inn last night. (maybe that's the problem 😀). 

If you don't mind and you do know, what is the difference between separate OSPF instances and separate routing instance?  I just assumed that is what it was referencing.  What exactly does separate instance mean if not separate instance?  Is that just referencing stubs and NSSAs?  If you say yes, that's sort of stinks for what I'm doing. 

(1)
the_rock
MVP Platinum
MVP Platinum
‎2025-01-03 09:12 AM
In response to Paul_Warnagiris

Well, if its Holiday inn closest to LHR airport, I hear ya lol

Anyway, Im probably way LESS routing guru than you, but in my mind, its referencing the same thing.

So, area 0 (backbone area) is the ONLY area that can communicate with all other areas. 

Stub area would block external routes, or at least limit them.

NSSA (not so stuby area) is similar to above, but little more flexibility.

Hope that helps!

Andy

Best,
Andy
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-01-03 01:47 PM

What you're asking about was possible on SecurePlatform with gated. I worked for a company which depended heavily on the capability and couldn't upgrade past R67 because it was dropped from Gaia for quite a while.

Looks like it was eventually integrated into the main release. In clish, type 'set ospf instance', then hit the Escape key twice.

This is like multiple OSPF "processes" in Cisco's terminology.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events