OSPF

Configure OSPF in Juniper Netscreen firewall

Starting with ScreenOS 4.0.0r1, the Open Shortest Path First (OSPF) routing protocol is supported on the NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-500, and NetScreen-5200.

Follow the steps below.

  • Log in to the Web UI and navigate to Network > Routing > Virtual Routers.

  • Here you can see the current configurations for your trust and untrust vr.
  • We need to a) create an access list, b) create a route map, and c) bind both to OSPF.
  • Create an access list. In the trust-vr, under Access-List, click on the “0”. In the screenshot it shows 1, as there is already an access list configured.
  • Click on NEW and add the details for the options shown below.

  • Give an Access List ID, like 10.
  • Set the Sequence No. to, say, 1 and enter the network that will be advertised, like 10.50.0.0/16, then click OK.
  • We can always add more networks by selecting “Add Seq No”, as shown below.

  • Now configure the “Route Map”. Go back to the Virtual Routers page and click on the “0” below the Route Map option.
  • Click on NEW and fill in the options: give a name like “rtmap1”, set Action to Permit and select the Access List check box. Select OK.
  • Now come back to Virtual Routers and select EDIT in the trust-vr.
  • Scroll down the page and select “Create an OSPF Instance”. In the screenshot below it reads Edit OSPF.
  • Select the below options.
  • Select Area and define a new area, and click on Configure to configure it.
  • Add the Network to be Advertised, and select the interface on which OSPF will be enabled.

  • Now select the “Redistributable Rules” and select the route map that we created.

  • Now select the routing protocols that need to be distributed and click Add.

This basically means that if there is a static route in the firewall for 10.50.10.0/24 and we have advertised the whole 10.50.0.0/16, the 10.50.10.0/24 will be specifically seen in the OSPF routing table.
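The redistribution behaviour described above can be checked offline before the rule is applied. The following is an added example, not part of the original article and not ScreenOS code: it models access list 10 and route map rtmap1 with the matching rule the article describes (a static route is redistributed when its prefix falls inside a permitted network). The static route list other than 10.50.10.0/24 is constructed, and treating unmatched prefixes as denied is an assumption of the model.

```python
import ipaddress

# Access list 10 from the walkthrough: (sequence no., action, network).
ACCESS_LIST_10 = [(1, "permit", ipaddress.ip_network("10.50.0.0/16"))]

# Constructed static routes; only 10.50.10.0/24 comes from the article.
STATIC_ROUTES = ["10.50.10.0/24", "10.50.0.0/16", "192.168.1.0/24", "0.0.0.0/0"]


def acl_action(prefix, access_list):
    """Return the action of the first entry (lowest sequence) that covers prefix."""
    net = ipaddress.ip_network(prefix)
    for _seq, action, entry in sorted(access_list, key=lambda e: e[0]):
        if net.version == entry.version and net.subnet_of(entry):
            return action
    return "deny"  # modelling assumption: unmatched prefixes are not redistributed


def redistributed(static_routes, access_list, route_map_action="permit"):
    """Static routes that a permit route map matching the access list lets into OSPF."""
    if route_map_action != "permit":
        return []
    return [r for r in static_routes if acl_action(r, access_list) == "permit"]


def audit(static_routes, access_list):
    """Split static routes into those exported into OSPF and those held back."""
    exported = redistributed(static_routes, access_list)
    held = [r for r in static_routes if r not in exported]
    return exported, held


if __name__ == "__main__":
    exported, held = audit(STATIC_ROUTES, ACCESS_LIST_10)
    print("redistributed into OSPF:", exported)
    print("not redistributed:", held)
```

Running the same check with a broader access list entry shows which additional static routes, including a default route, would start appearing to OSPF neighbours.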

Well, this does it.