01-22-2021 01:48 AM
As you know, there is no option for OSPFv2 to configure a passive interface in Cisco Firepower, unlike OSPFv3.
Now, the question is: how do you limit or control OSPF hello packets so that they are not sent from specific interfaces in your environment?
01-22-2021 02:57 AM - edited 01-23-2021 12:43 PM
How about access control policies to allow only the destination peer IP - is this worth considering?
EDIT:
I may have misunderstood your question here - I was under the impression that you pass through the FTD for OSPF to build the neighbor.
But if you are looking for the FTD to participate in OSPF,
here are the steps: Configure OSPF Interfaces and Neighbors - is this what you are looking for?
Another note - since the FTD is a firewall, you can make any ACP rule to allow or deny.
01-23-2021 09:54 AM - edited 01-23-2021 10:14 AM
Hi Dear...
When we configure any routing protocol like OSPFv2 or OSPFv3, we don't create any ACL in Firepower to allow the peer IP.
Have you configured it in your production or lab?!
01-27-2021 08:29 AM
Hi again Dear Balaji,
In configuring OSPF interfaces and neighbors, you want to eliminate multicast hello packets and send unicast on a specific interface.
It means that your FTD will still send multicast hello packets on the other interfaces anyway.
By configuring the ACP, your FTD will discard the hello packet every time OSPF tries to propagate its hello packet (based on the hello interval).
In my opinion it's not a good idea.
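The behaviour discussed in the last two posts (a neighbor statement turns one interface's hellos into unicast, while an ACP rule that permits only the peer's IP would drop the AllSPFRouters multicast hellos on every other interface at each hello interval) can be made concrete with a small model. The following Python is an added example, not code from the thread or from Cisco; it builds and parses OSPFv2 Hello packets per RFC 2328 with null authentication, and the `acp_allows`/`simulate_hellos` functions are a hypothetical stand-in for an access control rule, not an FTD API. Interface names, router IDs and the 10.0.0.0/24 addresses are constructed sample data.

```python
import struct
import ipaddress

# AllSPFRouters: the multicast group OSPFv2 uses for hellos on broadcast networks
OSPF_ALL_SPF_ROUTERS = "224.0.0.5"
OSPF_PROTO = 89          # IP protocol number for OSPF
HEADER_FMT = "!BBH4s4sHH8s"   # version, type, length, router ID, area ID, checksum, autype, auth
HELLO_FMT = "!4sHBBI4s4s"     # netmask, hello interval, options, priority, dead interval, DR, BDR


def ospf_checksum(pkt: bytes) -> int:
    """Standard one's-complement checksum over the packet, excluding the 8-byte auth field."""
    data = pkt[:16] + pkt[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id="0.0.0.0", hello_interval=10, dead_interval=40,
                netmask="255.255.255.0", neighbors=()):
    """Build an OSPFv2 Hello (type 1) with null authentication and a valid checksum."""
    body = struct.pack(HELLO_FMT, ipaddress.ip_address(netmask).packed, hello_interval,
                       0x02, 1, dead_interval, b"\x00" * 4, b"\x00" * 4)
    for n in neighbors:
        body += ipaddress.ip_address(n).packed
    length = 24 + len(body)
    header = struct.pack(HEADER_FMT, 2, 1, length, ipaddress.ip_address(router_id).packed,
                         ipaddress.ip_address(area_id).packed, 0, 0, b"\x00" * 8)
    cksum = ospf_checksum(header + body)
    return header[:12] + struct.pack("!H", cksum) + header[14:] + body


def hello_is_valid(pkt: bytes) -> bool:
    """True if the packet is an OSPFv2 Hello whose checksum verifies."""
    if len(pkt) < 44:
        return False
    version, ptype, length, _, _, cksum, _, _ = struct.unpack(HEADER_FMT, pkt[:24])
    if version != 2 or ptype != 1 or length != len(pkt):
        return False
    zeroed = pkt[:12] + b"\x00\x00" + pkt[14:]
    return ospf_checksum(zeroed) == cksum


def parse_hello(pkt: bytes) -> dict:
    """Decode the fields a neighbor would look at when forming an adjacency."""
    if not hello_is_valid(pkt):
        raise ValueError("not a valid OSPFv2 Hello")
    _, _, length, rid, aid, _, _, _ = struct.unpack(HEADER_FMT, pkt[:24])
    mask, hello, _, prio, dead, dr, bdr = struct.unpack(HELLO_FMT, pkt[24:44])
    neighbors = [str(ipaddress.ip_address(pkt[i:i + 4])) for i in range(44, length, 4)]
    return {"router_id": str(ipaddress.ip_address(rid)), "area_id": str(ipaddress.ip_address(aid)),
            "netmask": str(ipaddress.ip_address(mask)), "hello_interval": hello,
            "dead_interval": dead, "priority": prio, "neighbors": neighbors}


def acp_allows(dst_ip: str, proto: int, allowed_peers) -> bool:
    """Hypothetical model of the rule proposed above: permit OSPF only to listed peer IPs."""
    return proto == OSPF_PROTO and dst_ip in allowed_peers


def simulate_hellos(interfaces, allowed_peers, seconds):
    """Count hellos each interface would send and how many the modelled rule drops.

    interfaces: list of dicts with name, mode ('broadcast' or 'unicast'), hello_interval, peer.
    A 'unicast' interface represents one with a configured neighbor; 'broadcast' sends to 224.0.0.5.
    """
    report = {}
    for itf in interfaces:
        dst = itf["peer"] if itf["mode"] == "unicast" else OSPF_ALL_SPF_ROUTERS
        sent = seconds // itf["hello_interval"]
        dropped = 0 if acp_allows(dst, OSPF_PROTO, allowed_peers) else sent
        report[itf["name"]] = {"dst": dst, "sent": sent, "dropped": dropped}
    return report


if __name__ == "__main__":
    pkt = build_hello("10.0.0.1", neighbors=["10.0.0.2"])
    print(parse_hello(pkt))
    sample = [  # constructed sample topology
        {"name": "inside", "mode": "unicast", "hello_interval": 10, "peer": "10.0.0.2"},
        {"name": "dmz", "mode": "broadcast", "hello_interval": 10, "peer": None},
    ]
    print(simulate_hellos(sample, {"10.0.0.2"}, seconds=60))
```

The simulation shows why the last post objects to the ACP approach: the interface with a configured neighbor passes every hello, while the broadcast interface has all of its multicast hellos dropped, once per hello interval, for as long as the process runs.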