Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to deny a route being learned via OSPF



Article ID: KB15577 KB Last Updated: 23 Nov 2009Version: 1.0
How to deny a route being learned via OSPF
Trying to deny a route being learned by OSPF on the firewall.
On ScreenOS firewalls, routes learned via OSPF cannot be denied. Once the upstream router advertises the routes, the ScreenOS firewall will put the route into the OSPF database and it cannot be filtered out.  If this is causing an issue in your environment, there are the following work-arounds:
  • Configure the upstream router to not advertise the route
  • Use another Dynamic Routing Protocol to learn the routes from the upstream router.  The same prefix could be learned from this other routing protocol with a higher preference than OSPF. This will force the firewall to install the route via another DRP instead of OSPF.
  • On the ScreenOS firewall, add a static route pointing to null interface to avoid forwarding traffic to the unwanted network.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search