How to add OSPF route in FirePOWER

PeterTWJ13
Level 1

Hi all,

Previously, I have configured OSPF on ASA Firewall, and it is very similar to Cisco Routers and Switches.

However, when I tried to configure OSPF on FirePOWER Firewall, the SmartCLI and FlexConfig look pretty confusing.

How do you relate the following Cisco ASA command to FlexConfig?

router ospf 1
  network 192.168.1.0 255.255.255.0 area 0

Please advise
Thank You
Peter

14 Replies

Marvin Rhoads
Hall of Fame

Are you managing your device using Firepower Management Center (FMC) server or locally using Firepower Device Manager (FDM)? What version is your software?

Hi Marvin,

I am managing the device locally using Firepower Device Manager (FDM) via the management LAN port. Software version is 6.3.0-83

Please advise
Thank You
Peter

You should be able to do it as follows:

1. On the Device page, select Advanced Configuration
2. In the left pane, under Smart CLI, select Routing
3. Click on the Create Smart CLI Object button or the plus button on the top right
4. In the Add Smart CLI Object pop-up, enter Name, Description, and select OSPF template
5. Fill in the values highlighted in green (OSPF area number and network information)
6. Then use the Interface CLI template to assign an interface to the OSPF area you just configured.
7. Deploy the changes and confirm.

 

Note - if somebody needs a more advanced OSPF configuration, select the "Show disabled" buttons when first selecting the OSPF template. That will give you more OSPF parameters to choose from (area types, route summarization, static neighbors, redistribution etc.). Things like MD5 key, priority etc. are set under the interface template.

 

Hi Marvin,

I just need to do the following command, but using SmartCLI and maybe FlexConfig if required.

1. May I know how to do the following using SmartCLI and maybe FlexConfig?
router ospf 1
  log-adjacency-changes
  network 192.168.10.0 255.255.255.0 area 0

I would greatly appreciate it if you are able to provide detailed steps, as I am new to this Cisco FirePOWER.

2. I know for Cisco Router and Switches key in wildcard mask, and Cisco ASA Firewall key in subnet mask for OSPF.
May I know for Cisco FirePOWER/FTD, what do I add for OSPF network? Subnet or Wildcard mask?

 

Please advise
Thank You
Peter

1. Like this:

[Screenshot: OSFP Smart CLI.PNG]

2. Use the subnet mask (not wildcard mask).

 

+ don't forget to add Smart CLI object for the interface OSPF parameters.

Hi Marvin,

 

1. For the interface OSPF parameters, can I leave the parameters as default? 

2. If the parameters are default and we have 7 sub-interfaces, can we apply the same template to all the sub-interfaces?

Thank You
Peter

As with an ASA, you can change some interface-specific OSPFv2 parameters, if necessary. You are not required to change any of these parameters, but the following interface parameters must be consistent across all routers in an attached network: ospf hello-interval, ospf dead-interval, and ospf authentication-key. If you configure any of these parameters, be sure that the configurations for all routers on your network have compatible values.
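
A check for the consistency requirement described above, as an added example that is not part of the original thread: it parses ASA-style interface stanzas from several devices and reports every subnet where `ospf hello-interval`, `ospf dead-interval` or `ospf authentication-key` differ between attached interfaces. The device names, addresses, key and the defaults applied when a value is unset (hello 10 s, dead four times hello) are assumptions for illustration.

```python
import hashlib
import ipaddress
import re
from collections import defaultdict

# Constructed sample configs (not from the thread): two devices on 192.168.10.0/24.
SAMPLE = {
    "ftd-a": """interface GigabitEthernet0/1.10
 ip address 192.168.10.1 255.255.255.0
 ospf hello-interval 5
 ospf dead-interval 20
 ospf authentication-key EXAMPLEKEY
""",
    "rtr-b": """interface GigabitEthernet0/0
 ip address 192.168.10.2 255.255.255.0
 ospf authentication-key EXAMPLEKEY
""",
}
PARAMS = ("hello-interval", "dead-interval", "authentication-key")
OSPF_RE = re.compile(r"\s+ospf (%s) (\S+)" % "|".join(PARAMS))

def parse(config):
    """Map each interface to its subnet and the three OSPF parameters."""
    out, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = out.setdefault(m.group(1), dict.fromkeys(PARAMS))
        elif cur is not None and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := OSPF_RE.match(line)):
            cur[m[1]] = m[2]
    for p in out.values():
        # Assumed defaults when unset: hello 10 s, dead = 4 x hello.
        p["hello-interval"] = p["hello-interval"] or "10"
        p["dead-interval"] = p["dead-interval"] or str(4 * int(p["hello-interval"]))
        if p["authentication-key"]:  # compare a digest so the key is never reported
            p["authentication-key"] = hashlib.sha256(p["authentication-key"].encode()).hexdigest()[:8]
    return out

def mismatches(configs):
    """Return (subnet, parameter, {device/interface: value}) wherever values differ."""
    by_net = defaultdict(dict)
    for dev, text in configs.items():
        for ifname, p in parse(text).items():
            if "net" in p:
                by_net[p["net"]][f"{dev}/{ifname}"] = p
    return [(str(net), key, {who: p[key] for who, p in members.items()})
            for net, members in by_net.items() for key in PARAMS
            if len({p[key] for p in members.values()}) > 1]
```

Calling `mismatches(SAMPLE)` flags the hello and dead timers on 192.168.10.0/24 and leaves the matching key unreported; an interface with no key at all shows up as `None` against its neighbours' digests.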

Hi Marvin, I'm assisting Peter with this deployment and thank you for your kind help thus far.

We are clear on the OSPF template but not so clear on the interface OSPF settings part. Usually we would use the OSPF template globally and all interfaces will be using the global routing table. However there is a need to create an OSPF interface template in order to complete the OSPF configuration.

 

We have 7 sub-interfaces. Must we apply the same template to all 7 sub-interfaces or do we use 7 different interface templates, but same configuration, for all sub-interfaces?

 

Thank you and hope you can shed some light on this.

You're welcome. I wasn't positive if FTD Smart CLI required us to apply the template per interface or leave it blank. I've only done a single interface in my lab.

If it is indeed requiring the interface template, then it will require it to be repeated for each (sub)interface that you want to participate in establishing OSPF adjacencies. It can be the same default settings but will have to be repeated per interface as the Smart CLI template requires you to input a unique interface nameif each time it is created.

I am struggling with OSPF on a HA pair of virtual FTDs.  I tried this on 6.2, 6.3 & 6.5 and cannot add a network statement.

I have just built another pair of 6.6 virtual FTDs and I was hopeful as OSPF & BGP are in the release notes as being available in FDM now.  However it looks like Cisco have just moved the SmartCLI for BGP & OSPF from the advanced section to the routing section.

When I add an OSPF object I can set the process ID but there is no option to add a network statement.  I am beginning to wonder if this is some limitation of the virtual appliance.

[Screenshot: ospf.jpg]

I have just booted the 6.5 FTDv up and tried to configure OSPF via Smart CLI and I see the same issue so I think I am doing something fundamentally wrong?

 

[Screenshot: ospf1.jpg]

Hi @andrew.butterworth 

It's certainly not immediately obvious, but you need to click the + button next to "configure area", a drop-down list appears, allowing you to define the networks. e.g:-

 

[Screenshot: 1111.PNG]

This screenshot is from FTDv 6.5, I assume it's going to be similar in 6.6

 

HTH

Actually after I posted that I persevered and worked it out.  It looks different to what Marvin posted a screenshot of though?  Was it different in earlier releases?

xiaolj
Level 1
Level 1

[Screenshot: 11.png]

Why does this error occur on my device?
"The instance does not match the template it is using"
