D-Link DFL-260E User Manual page 195

Network security firewall NetDefendOS version 2.27.03
4.5.5. Setting Up OSPF
OSPF Routing Information Exchange Begins Automatically
As the new configurations are created in the above steps and then deployed, OSPF will
automatically start and begin exchanging routing information. Since OSPF is a dynamic and
distributed system, it does not matter in which order the configurations of the individual firewalls
are deployed.
When the physical link is plugged in between two interfaces on two different firewalls and those
interfaces are configured with OSPF Router Process objects, OSPF will begin exchanging routing
information.
Confirming OSPF Deployment
It is now possible to check that OSPF is operating and that routing information is exchanged.
We can do this by listing the routing tables either with the CLI or using the Web Interface. In both
cases, routes that have been imported into the routing tables through OSPF are indicated with the
letter "O" to the left of the route description. For example, if we use the routes command, we might
see the following output:
gw-world:/> routes
Flags Network         Iface       Gateway         Local IP   Metric
----- --------------- ----------- --------------- ---------- ------
      192.168.1.0/24  lan                                    0
      172.16.0.0/16   wan                                    0
O     192.168.2.0/24  wan         172.16.2.1                 1
Here, the route for 192.168.2.0/24 has been imported via OSPF and that network can be found on
the WAN interface with the gateway of 172.16.2.1. The gateway in this case is of course the
NetDefend Firewall to which the traffic should be sent. That firewall may or may not be attached to
the destination network but OSPF has determined that that is the optimum route to reach it.
The CLI command ospf can also be used to indicate OSPF status. The options for this command are
fully described in the CLI Reference Guide.
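The check described above can be scripted against saved CLI output. The following Python code is an added example, not part of the D-Link manual: it parses routes output using the dashed ruler and reports expected networks that have no "O" route or whose OSPF route uses a different interface than expected. The sample text is constructed from the output shown above, the column widths are an assumption, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the three routes from the example above, laid out in
# fixed-width columns (the widths are an assumption taken from the dashed ruler).
FMT = "{:<5} {:<15} {:<11} {:<15} {:<10} {:<6}"
SAMPLE = "\n".join(FMT.format(*row) for row in [
    ("Flags", "Network", "Iface", "Gateway", "Local IP", "Metric"),
    ("-" * 5, "-" * 15, "-" * 11, "-" * 15, "-" * 10, "-" * 6),
    ("", "192.168.1.0/24", "lan", "", "", "0"),
    ("", "172.16.0.0/16", "wan", "", "", "0"),
    ("O", "192.168.2.0/24", "wan", "172.16.2.1", "", "1"),
])

def parse_routes(text):
    """Parse fixed-width `routes` output into a list of dicts, one per route."""
    lines = [l for l in text.splitlines() if l.strip()]
    # The dashed ruler marks where each column starts and ends.
    idx = next(i for i, l in enumerate(lines) if set(l.strip()) <= {"-", " "})
    spans, start = [], None
    for pos, ch in enumerate(lines[idx] + " "):
        if ch == "-" and start is None:
            start = pos
        elif ch != "-" and start is not None:
            spans.append((start, pos))
            start = None
    names = [lines[idx - 1][a:b].strip().lower().replace(" ", "_") for a, b in spans]
    routes = []
    for line in lines[idx + 1:]:
        row = {n: line[a:b].strip() for n, (a, b) in zip(names, spans)}
        row["network"] = ipaddress.ip_network(row["network"])
        row["ospf"] = "O" in row["flags"]  # "O" marks a route imported through OSPF
        routes.append(row)
    return routes

def check_ospf_routes(routes, expected):
    """expected maps network -> interface its OSPF route must use.
    Returns a list of problems; an empty list means every check passed."""
    learned = {r["network"]: r for r in routes if r["ospf"]}
    problems = []
    for net, iface in expected.items():
        route = learned.get(ipaddress.ip_network(net))
        if route is None:
            problems.append(f"{net}: no OSPF-learned route")
        elif route["iface"] != iface:
            problems.append(f"{net}: learned on {route['iface']}, expected {iface}")
    return problems

if __name__ == "__main__":
    for problem in check_ospf_routes(parse_routes(SAMPLE), {"192.168.2.0/24": "wan"}):
        print(problem)
```

When OSPF is meant to run only through a VPN tunnel, pass the tunnel interface name as the expected interface so that a route learned directly on wan is reported.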
Sending OSPF Traffic Through a VPN Tunnel
In some cases, the link between two NetDefend Firewalls which are configured with OSPF Router
Process objects may be insecure, for example when it crosses the public Internet.
In this case, we can secure the link by setting up a VPN tunnel between the two firewalls and telling
OSPF to use this tunnel for exchange of OSPF information. Next, we will look at how to set this up
and assume that IPsec will be the chosen method for implementing the tunnel.
To create this setup we need to perform the normal OSPF steps described above but with the
following additional steps:
1. Set up an IPsec tunnel
First set up an IPsec tunnel in the normal way between the two firewalls A and B. The IPsec setup
options are explained in Section 9.2, "VPN Quick Start".
This IPsec tunnel is now treated like any other interface when configuring OSPF in NetDefendOS.
2. Choose a random internal IP network
For each firewall we need to choose a random IP network using internal IP addresses. For example,
for firewall A we could use the network 192.168.55.0/24.
Chapter 4. Routing