D-Link DFL-260E User Manual page 194

Network security firewall netdefendos version 2.27.03
Hide thumbs Also See for DFL-260E:
Table of Contents

Advertisement

4.5.5. Setting Up OSPF
The advanced option No OSPF routers connected to this interface must be enabled if the
physical interface does not connect directly to another OSPF Router (in other words, with
another NetDefend Firewall that acts as an OSPF router). For example, the interface may only
be connected to a network of clients, in which case the option would be enabled.
The option must be disabled if the physical interface is connected to another firewall which is set
up as an OSPF Router. In this example, the physical interface connected to the other firewall
would have this option disabled.
4. Add a Dynamic Routing Rule
Finally, a Dynamic Routing Rule needs to be defined to deploy the OSPF network. This involves
two steps:
i.
A Dynamic Routing Policy Rule object is added. This rule should be an Import rule that enables
the option From OSPF Process so that the previously defined OSPF Router Process object is
selected. What we are doing is saying that we want to import all routes from the OSPF AS.
In addition, the optional Or is within filter parameter for the destination network must be set to
be all-nets. We could use a narrower filter for the destination network but in this case we want
all networks.
ii.
Within the Dynamic Routing Policy Rule just added, we now add a Routing Action object. Here
we add the routing table into the Selected list which will receive the routing information from
OSPF.
In the typical case this will be the routing table called main.
There is no need to have a Dynamic Routing Policy Rule which exports the local routing table into
the AS since this is done automatically for OSPF Interface objects.
The exception to this is if a route involves a gateway (in other words, a router hop). In this case the
route MUST be explicitly exported. The most frequent case when this is necessary is for the all-nets
route to the external public Internet where the gateway is the ISP's router. Doing this is discussed in
the next step.
5. Add a Dynamic Routing Rule for all-nets
Optionally, a Dynamic Routing Rule needs to be defined if there is an all-nets route. For example, if
the firewall is connected to an ISP. This involves the following steps
i.
A Dynamic Routing Policy Rule object is added. This rule should be an Export rule that enables
the option From Routing Table with the main routing table moved to the Selected list.
In addition, the optional Or is within filter parameter for the destination network must be set to
be all-nets.
ii.
Within the Dynamic Routing Policy Rule just added, we now add an OSPF Action object. Here
set the Export to process option to be the OSPF Router Process which represents the OSPF
AS.
6. Repeat these steps on the other firewall
Now repeat steps 1 to 5 for the other NetDefend Firewall that will be part of the OSPF AS and area.
The OSPF Router and OSPF Area objects will be identical on each. The OSPF Interface objects
will be different depending on which interfaces and networks will be included in the OSPF system.
If more than two firewalls will be part of the same OSPF area then all of them should be configured
similarly.
194
Chapter 4. Routing

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents