As you know, there is no option to configure a passive interface for OSPFv2 in Cisco Firepower, unlike OSPFv3.
Now, the question is: how do you limit or control OSPF hello packets so that they are not sent from specific interfaces in your environment?
How about access control policies that allow only the destination peer IP - is this worth considering?
I may have misunderstood your question here - I was under the impression that you pass through the FTD for OSPF to build the neighbor.
But if you are looking for the FTD to participate in OSPF,
here are the steps: Configure OSPF Interfaces and Neighbors - is this what you are looking for?
Another note - since the FTD is a firewall, you can make any ACP rule to allow or deny.
*** Rate All Helpful Responses ***
When we configure any routing protocol like OSPFv2 or OSPFv3, we don't create any ACL in Firepower to allow the peer IP.
Have you configured it in your production or lab?
Hi again, dear Balaji,
In configuring OSPF interfaces and neighbors, you want to eliminate the multicast hello packet and send unicast on a specific interface.
On the other hand, it means that your FTD will already be sending multicast hello packets.
By configuring an ACP, your FTD will discard the hello packet every time OSPF tries to propagate it (based on the hello interval).
In my opinion, it's not a good idea.