Jon_Pahl1
Employee

Basic OSPF with SMB

Quick OSPF configuration for SMB devices. This example was completed on a 1450 device.

 

Use cases:

  1. Connecting an SMB device to an internal MPLS or other private network link.
  2. Connecting to an ISP via OSPF to facilitate faster link failover detection.

 

 

Environment:

In this environment we have one Checkpoint 1430 with a local 192.168.1.1/24 network and 2 virtual Cisco routers (GNS3) simulating an MPLS network.

 

Env.png

 

Configuration commands on the CP1450 to enable OSPF:

  1. Configure the IP address on an interface:
    1. set switch "LAN1_Switch" delete port "LAN6"
    2. set interface "LAN6" ipv4-address "172.17.0.2" subnet-mask "255.255.255.252"
    3. set interface "LAN6" state "on"
  2. Configure OSPF on the CP1450
    1. Set Router ID
      1. set router-id 172.17.0.2
    2. Enable LAN6 for routing
      1. set ospf interface LAN6 area backbone on
    3. Advertise the local LAN switch address range into OSPF. This is needed because it is not possible to enable OSPF on the LAN1_Switch interface.
      1. set ospf area backbone range 192.168.1.0/24 on

 

At the end of step 2b, the CP1450 and a properly configured Cisco router will establish a neighbor relationship and exchange routes. As demonstrated via the ‘show ospf neighbors’ output from the CP1450, we have a FULL/BDR relationship with 172.17.0.1.

 

However, from the Cisco side we don’t see the local 192.168.1.0/24 network and need to add the ‘set ospf area backbone range 192.168.1.0/24 on’ command. This command allows the Checkpoint gateway to advertise known networks that fall within the range given in the command. See below: the first show ip route command doesn’t have the 192.168.1.0/24 network, and the second is after adding the OSPF range command to the SMB gateway.

 

 

2019-12-27 23_22_16-10.0.0.82 - Remote Desktop Connection.jpg

 

We could add security to the OSPF neighbor relationships by adding ‘authtype simple’ or ‘authtype md5’. Both authtype commands require a password or MD5 key.
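
To show what the two authtype options put on the wire, here is an added Python example (not from the original post or from Check Point) that reads the AuType field of an OSPFv2 header as laid out in RFC 2328 and verifies the MD5 trailer. The packets, password and key are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # OSPFv2 header, 24 bytes (RFC 2328 A.3.1)
AUTYPES = {0: "null", 1: "simple", 2: "cryptographic"}


def build_packet(router_id, autype, auth_field):
    """Constructed header-only OSPFv2 packet (type 1, Hello body omitted)."""
    rid = bytes(int(octet) for octet in router_id.split("."))
    # Version 2, type 1, area 0.0.0.0 (backbone), checksum left at 0.
    return HEADER.pack(2, 1, HEADER.size, rid, bytes(4), 0, autype, auth_field)


def md5_trailer(packet, key):
    """RFC 2328 D.4.3: MD5 over the packet plus the key zero-padded to 16 bytes."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()


def audit(frame, key=None):
    """Report how a packet is authenticated; verify the MD5 trailer if a key is given."""
    _ver, _type, length, rid, _area, _csum, autype, auth = HEADER.unpack_from(frame)
    result = {"router_id": ".".join(map(str, rid)),
              "auth": AUTYPES.get(autype, "unknown"),
              "secret_on_wire": autype == 1}  # simple: the 8-byte field is the password
    if autype == 2:
        # Cryptographic auth field: zero, key ID, digest length, sequence number.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        result.update(key_id=key_id, sequence=seq)
        if key is not None:
            digest = frame[length:length + digest_len]
            expected = md5_trailer(frame[:length], key)
            result["digest_ok"] = hmac.compare_digest(digest, expected)
    return result


# Constructed sample values; 172.17.0.2 is the router ID used in this post.
KEY = b"example-key"
simple_pkt = build_packet("172.17.0.2", 1, b"example\0")
header = build_packet("172.17.0.2", 2, struct.pack("!HBBI", 0, 1, 16, 1001))
md5_pkt = header + md5_trailer(header, KEY)

if __name__ == "__main__":
    for pkt in (simple_pkt, md5_pkt):
        print(audit(pkt, KEY))
```

With ‘authtype simple’ the password travels in the header itself, while ‘authtype md5’ sends only a key ID, a sequence number and a digest that a neighbor without the key cannot reproduce.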

 

References: The ‘Check Point 600/700/1100/1200R/1400 Appliance Advanced Routing Guide’ was used in the development of this post.

 
