Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] [ScreenOS] Configuring OSPF on firewall

0

0

Article ID: KB4325 KB Last Updated: 30 Nov 2019Version: 6.0
Summary:

How to enable OSPF on ScreenOS firewalls

Symptoms:

The basic instructions are documented below.

For more details, refer to the OSPF chapter in the ScreenOS Concepts & Examples Guide - Routing: http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_Routing.pdf.

Solution:

There are two steps needed to establish OSPF adjacency with other OSPF routers or firewalls:

1. Enable OSPF protocol on a specific virtual router
2. Enable OSPF on a specific interface.

The WebUI and CLI instructions are provided below:

 

WebUI

In this example, you enable the OSPF routing instance on the virtual router trust-vr and enable OSPF on the trust interface.

Open the WebUI. For more information on opening the WebUI, go to Connecting to Your NetScreen Device Using the WebUI.

From the ScreenOS options menu, click Network, select Routing, and then click Virtual Routers.

From trust-vr, click Edit.

From Dynamic Routing Protocol Support, click Create OSPF Instance.

Click to select OSPF Enabled

Click OK.

Click OK.

From the ScreenOS options menu, click Network, and then click Interfaces and List

From ethernet0/0, click Edit.

From the Edit page, click OSPF.

Click to enable Enable Protocol OSPF.

Click to enable Bind to Area, and then enter 0.0.0.0.


Click Apply.

 

 

CLI

To configure interface Ethernet3 on the ScreenOS firewall to form the adjacency with the upstream router running OSPF in area 0:

set vr trust-vr protocol ospf
set interface e3 proto ospf area 0.0.0.0

set vr trust-vr protocol ospf enable
set interface eth3 protocol ospf enable


To verify the OSPF configuration:

ns-> get interf e3 proto ospf
VR: trust-vr RouterId: 2.2.2.1
----------------------------------
Interface: ethernet3
IpAddr: 2.2.2.1/24, OSPF: enabled, Router: enabled
Type: Ethernet Area: 0.0.0.0 Priority: 1 Cost: 10
Transit delay: 1s Retransmit interval: 5s Hello interval: 10s
Router Dead interval: 40s Authentication-Type: None
State: Designated Router DR: 2.2.2.1(self) BDR: 2.2.2.9
Neighbors:
RtrId: 8.8.8.1 IpAddr: 2.2.2.9 Pri: 1 State: Full

 

Other useful commands:

get route
get vr trust protocol ospf
get vr trust protocol ospf neighbor
Modification History:

2019-11-30: Added opsf enable commands to the CLI instructions.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search