Cisco Firepower - Configuring OSPFv2 Passive Interface

As you know, there is no option to configure a passive interface for OSPFv2 in Cisco Firepower, unlike OSPFv3.

Now, the question is: how do you limit or control OSPF hello packets so that they are not sent from specific interfaces in your environment?

VIP Expert

How about access control policies to allow only the destination peer IP? Is this something to consider?

EDIT:

I may have misunderstood your question here. I was under the impression that the OSPF traffic passes through the FTD to build the neighbor relationship.

But if you are looking for the FTD itself to participate in OSPF:

Here are the steps: Configure OSPF Interfaces and Neighbors. Is this what you are looking for?

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/ospf_for_firepower_threat_defense.html#task_94B9040B152B47FE94AC0F4F47209E7C

Another note: since the FTD is a firewall, you can make any ACP rule to allow or deny.

BB



Hi Dear...

When we configure any routing protocol like OSPFv2 or OSPFv3, we don't create any ACL in Firepower to allow the peer IP.

Have you configured it in your production or lab?


Hi again Dear Balaji,

In configuring OSPF interfaces and neighbors, you want to eliminate multicast hello packets and send unicast on a specific interface.

It means that, on the other hand, your FTD will already be sending multicast hello packets.

By configuring the ACP, your FTD will discard the hello packet every time OSPF tries to propagate its hello packet (based on the hello interval).

In my opinion, it's not a good idea.
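The two replies above disagree about whether the FTD would still emit multicast hellos on an interface after the neighbor or ACP approach. The practical way to settle that is to capture on the attached segment (a SPAN port or the neighbor itself) and look at what actually leaves the interface. The following is an added example, not code from the thread or from Cisco: it parses raw IPv4/OSPFv2 Hello packets per the RFC 2328 layout and reports every interface that still sends multicast hellos to 224.0.0.5, or sends unicast hellos to a peer not in the expected list. The interface names, addresses, router IDs and the policy table are assumptions, and the sample packets are constructed inline with zeroed checksums rather than taken from a real capture.

```python
import ipaddress
import struct

OSPF_PROTO = 89                 # IP protocol number carrying OSPF
ALL_SPF_ROUTERS = "224.0.0.5"   # multicast group OSPFv2 hellos are sent to
OSPF_HELLO = 1                  # OSPF packet type 1 = Hello


def build_ospf_hello(src, dst, router_id, area_id, hello_interval=10, dead_interval=40):
    """Construct a minimal IPv4 + OSPFv2 Hello (no Ethernet header) as test input.
    Checksums stay zero: this is constructed data, not a real capture."""
    # Hello body: netmask, hello interval, options, priority, dead interval, DR, BDR
    body = struct.pack("!4sHBBI4s4s", ipaddress.IPv4Address("255.255.255.0").packed,
                       hello_interval, 0x02, 1, dead_interval, b"\0" * 4, b"\0" * 4)
    # OSPF header: version, type, length, router ID, area ID, checksum, auth type, auth data
    ospf = struct.pack("!BBH4s4sHH8s", 2, OSPF_HELLO, 24 + len(body),
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address(area_id).packed, 0, 0, b"\0" * 8) + body
    # IPv4 header: ver/IHL, TOS, total length, ID, flags/frag, TTL, protocol, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1, OSPF_PROTO, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + ospf


def parse_ospf_hello(pkt):
    """Return the fields of an OSPFv2 Hello carried in a raw IPv4 packet, or None
    when the packet is anything else (other protocol, other OSPF type, truncated)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != OSPF_PROTO:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    ospf = pkt[ihl:]
    if len(ospf) < 44:            # 24-byte OSPF header + 20-byte Hello body
        return None
    version, otype, olen = struct.unpack("!BBH", ospf[:4])
    if version != 2 or otype != OSPF_HELLO or olen > len(ospf):
        return None
    hello_interval, _options, _priority, dead_interval = struct.unpack("!HBBI", ospf[28:36])
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": dst,
        "router_id": str(ipaddress.IPv4Address(ospf[4:8])),
        "area_id": str(ipaddress.IPv4Address(ospf[8:12])),
        "hello_interval": hello_interval,
        "dead_interval": dead_interval,
        "multicast": dst == ALL_SPF_ROUTERS,
    }


def audit_hellos(observed, policy):
    """observed: list of (interface_name, raw_ipv4_packet) seen on that interface's segment.
    policy: {interface_name: set of peer IPs allowed to receive unicast hellos}; an empty
    set means the interface is meant to be quiet (the 'passive' intent)."""
    findings = []
    for iface, pkt in observed:
        h = parse_ospf_hello(pkt)
        if h is None:
            continue                                  # not an OSPFv2 Hello; ignore
        allowed = policy.get(iface, set())
        if h["multicast"]:
            findings.append(f"{iface}: multicast hello every {h['hello_interval']}s from "
                            f"{h['src']} (router-id {h['router_id']}, area {h['area_id']})")
        elif h["dst"] not in allowed:
            findings.append(f"{iface}: unicast hello from {h['src']} to unexpected peer {h['dst']}")
    return findings


# Constructed sample: 'inside' may unicast to 10.1.1.2 only, 'dmz' should send no hellos.
SAMPLE_POLICY = {"inside": {"10.1.1.2"}, "dmz": set()}
SAMPLE_CAPTURE = [
    ("inside", build_ospf_hello("10.1.1.1", "10.1.1.2", "10.1.1.1", "0.0.0.0")),       # expected unicast
    ("inside", build_ospf_hello("10.1.1.1", ALL_SPF_ROUTERS, "10.1.1.1", "0.0.0.0")),  # still multicasting
    ("inside", build_ospf_hello("10.1.1.1", "10.1.1.9", "10.1.1.1", "0.0.0.0")),       # wrong unicast peer
    ("dmz", build_ospf_hello("10.2.2.1", ALL_SPF_ROUTERS, "10.1.1.1", "0.0.0.0")),     # should be passive
    ("dmz", struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,                  # TCP, ignored
                        b"\x0a\x02\x02\x05", b"\x0a\x02\x02\x01") + b"\0" * 20),
]

if __name__ == "__main__":
    for line in audit_hellos(SAMPLE_CAPTURE, SAMPLE_POLICY):
        print(line)
```

Feed it packets read from a pcap instead of the constructed list and the report tells you, per interface, whether the neighbor-based unicast configuration actually stopped the multicast hellos or whether they are merely being dropped somewhere downstream; for the pcap case strip the Ethernet header before calling parse_ospf_hello, since the parser starts at the IPv4 header.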