Create a Post
Showing results for 
Search instead for 
Did you mean: 
Jump to solution

r77.30 ospf drop hello

Hi everyone

There are one cisco router, one cisco switch and checkpoint cluster in my infrastructure. Cisco router and cisco switch already established ospf neighborship and now I'm trying to establish ospf between between Catalyst 3650 and HA-Cluster R77.30. And it is not working.

Debug information
1. Catalyst sends hello to Cluster
14:40:52.400: OSPF: Send hello to area 0 on Vlan201 from
14:41:01.645: OSPF: Send hello to area 0 on Vlan201 from
2. Cluster receives it:
[Expert@FIREWALL-1:0]# tcpdump -i eth7.201 ip proto ospf
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth7.201, link-type EN10MB (Ethernet), capture size 96 bytes
17:31:58.572861 IP > OSPFv2, Hello, length: 56
17:32:07.999643 IP > OSPFv2, Hello, length: 56
3. But cluster drops this packets
Log Server Origin:
Time: 2017-07-26T14:52:54Z
Interface Direction: inbound
Interface Name: eth7.201
Id Generated By Indexer:false
First: true
Sequencenum: 2147483647
Source Zone: Internal
Rule UID: 145130C7-F7D3-4628-B3EA-13B005CFA621
IP Protocol: 89
Access Rule Name: CLEAN-UP
Access Rule Number: 21
Action: Drop
Type: Log
Policy Management: MANAGEMENT-1
Blade: Firewall
Origin: FIREWALL-1
Service: 89
Product Family: Access
Layer Name: Firewall_layer
Interface: eth7.201
Description: ospf Traffic Dropped from to

4. However I have rule for allow ospf traffic with number 4 (which is upper than 21)
SRC: Catalyst, Cluster
DST: multicast,,, Cluster
Service: OSPF, IGMP
Action: Accept

Could somebody give any help? Trying to make it works more than two days.


0 Kudos
9 Replies
This widget could not be displayed.