Beginner

OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hi Team, I am planning to segregate WAN connectivity and corporate users through a firewall. Currently OSPF is running between my core switch and WAN router. If I move the WAN router to the firewall Ext zone and the core switch to the firewall Int zone, I don't want to run OSPF on the firewall. What is the best practice to establish an OSPF neighbour between the WAN router and the core switch? Please suggest a solution for this.
8 REPLIES
VIP Mentor

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hello,

Which firewall are you planning on installing? Below is the procedure for Checkpoint firewalls...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk39960

Beginner

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hi there, thanks for your input. Let's consider a Cisco firewall itself: what is the configuration of the router OSPF and core switch OSPF commands, and what firewall policies need to be enabled?
VIP Advocate

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hi,

If I am considering your point

 I don't want to run OSPF on the firewall. What is the best practice to establish an OSPF neighbour between the WAN router and the core switch? Please suggest a solution for this.

Then it looks like you are not fulfilling the OSPF neighborship requirement of being on the same subnet. I don't think there is an issue with OSPF running on the firewall, but if you don't want it due to some network, protocol or standard of yours, then you can implement a Cisco firewall in transparent mode.

Before proceeding with the transparent mode configuration, also check the firewall documents. Will it fulfill your requirements in transparent mode?

I have a second option: configure a GRE tunnel between the core switch and the WAN router (if supported). But here there is more of an issue with your security configuration: your firewall will not be able to scan the GRE-encapsulated traffic and provide the security you desire. Another issue is the performance of your WAN router. Keep in mind that this is not a recommended solution.

Regards,
Deepak Kumar
Don't forget to vote and accept the solution if this comment helps you!
VIP Advisor

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hello

@Deepak kumar wrote:

Hi,

If I am considering your point

 I don't want to run OSPF on the firewall. What is the best practice to establish an OSPF neighbour between the WAN router and the core switch? Please suggest a solution for this.

Then it looks like you are not fulfilling the OSPF neighborship requirement of being on the same subnet. I don't think there is an issue with OSPF running on the firewall, but if you don't want it due to some network, protocol or standard of yours, then you can implement a Cisco firewall in transparent mode.

Before proceeding with the transparent mode configuration, also check the firewall documents. Will it fulfill your requirements in transparent mode?

I have a second option: configure a GRE tunnel between the core switch and the WAN router (if supported). But here there is more of an issue with your security configuration: your firewall will not be able to scan the GRE-encapsulated traffic and provide the security you desire. Another issue is the performance of your WAN router. Keep in mind that this is not a recommended solution.

Regards,

Deepak Kumar


At the end of the day, what’s the point of segregation if you're going to do this?



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
VIP Advocate

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hi @paul driver

I am not sure, but my consideration was the statement "Currently OSPF is running between my Core Switch and WAN router," made by the original author of this post.

Your point is correct, but he may be using DMVPN/MPLS or other services which currently depend on OSPF, and he is not aware of redistribution or the limitation with this point.

Regards,

Deepak Kumar

VIP Advisor

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

Hello

@Sureshkumar B wrote:
Hi Team, I am planning to segregate WAN connectivity and corporate users through a firewall.

So why do you want an OSPF peering between the two? The whole point is to segregate them, correct? So just use static routing so egress/ingress traffic traverses your FW.



kind regards
Paul

VIP Advisor

Re: OSPF Neighbour between Core Switch and Router, connected through firewall in between

If the user path is like below:

users---access---core---FW--WAN router(internet)

I suggest that having a static route on the FW is the best approach, since it is a default route. Until you have a different ISP in the network (then it is a totally different plan).

BB
*** Rate All Helpful Responses ***
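
The static-routing layout suggested in the replies above for the path users---access---core---FW--WAN router, as an added example that is not part of any reply in this thread. It assumes a routed Cisco ASA between IOS devices; every address, interface name and the 10.0.0.0/8 corporate summary is a constructed placeholder.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   core switch 10.255.0.2/30  <-->  FW inside  10.255.0.1/30
!   FW outside  192.0.2.1/30   <-->  WAN router 192.0.2.2/30
!   corporate user subnets summarised as 10.0.0.0/8
!
! ----- Core switch (IOS), firewall Int zone -----
! No OSPF adjacency toward the firewall; a single default route points at it.
ip route 0.0.0.0 0.0.0.0 10.255.0.1
!
! ----- Firewall (ASA, routed mode), no routing protocol enabled -----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.255.0.1 255.255.255.252
!
! Default route toward the WAN router, summary route back to the core.
route outside 0.0.0.0 0.0.0.0 192.0.2.2
route inside 10.0.0.0 255.0.0.0 10.255.0.2
!
! ----- WAN router (IOS), firewall Ext zone -----
! Corporate prefixes are reachable only through the firewall's outside address.
ip route 10.0.0.0 255.0.0.0 192.0.2.1
```

With this layout every flow between the corporate subnets and the WAN is routed hop by hop through the firewall, so its policy applies to all of it, and no OSPF packets need to be permitted between the two zones.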