03-26-2024 12:05 AM - edited 03-26-2024 12:06 AM
Configuring an area 0.0.0.0 on PAN firewall (10.2 and higher).
1. Does PAN attribute 0.0.0.0 to area 0? Is that the only way to define area 0? or other options?
2. Area IP range: in cisco world, the range command implies that all connected interfaces on the router, which fall within the range, get include as LSA's in the area and start communicating OSPF to neighbors (provided they are not passive). it seems with PAN, that is simply not enough to get the interface setup for the area or to include the interface IP/subnet in the LSA's. is that correct?
3. Area Interfaces: in cisco world, adding an area to the interface directly, does start OSPF on the interface and adds the interface subnet as a route in the LSA DB for this area. No range command is needed in the OSPF configuration block. it appears that PAN firewall behaves similarly in that regard, and I don't need to do both area IP range and Area interface configuration under a process. I would need to simply add all my interface in the area configuration.
In summary, if I have 3 PAN fw interfaces all in area 0, want to announce them all; but only have 1 neighbor relationship off 1 PAN fw interface, is this my optimal config:
1. define an area 0.0.0.0
2. include all three interfaces in this area, 2 being passive
3. do not configure any area IP ranges
And this configuration _will not work_
1. define area 0 <=PAN doesn't support it?
2. add just the OSPF talking interface to the area <=will probably work?
3. include the passive interface subnets in the area range command, but not include the interfaces themselves in the area <=wont do anything because the passive interfaces are not included in the area?
03-26-2024 08:30 AM
Dotted decimal is a standard way of defining OSPF areas. 0.0.0.0 = area 0. You can use dotted decimal and decimal interchangeably on Cisco devices if you want. PA only supports dotted decimal so you just have to go with 0.0.0.0.
The area range is for summarizing between areas, not for enabling OSPF. The network command enables OSPF on interfaces that fall within the range. PA doesn't have this option, you just add each interface with the desired attributes.
What's the problem with your optimal config?
03-26-2024 08:30 AM
Dotted decimal is a standard way of defining OSPF areas. 0.0.0.0 = area 0. You can use dotted decimal and decimal interchangeably on Cisco devices if you want. PA only supports dotted decimal so you just have to go with 0.0.0.0.
The area range is for summarizing between areas, not for enabling OSPF. The network command enables OSPF on interfaces that fall within the range. PA doesn't have this option, you just add each interface with the desired attributes.
What's the problem with your optimal config?
03-26-2024 08:32 AM
hi, thx for quick reply. I believe the "optimal config" is working fine. I was just confused as to PAN's notation and syntax. there was some initial confusion about behavior but I settled on the optimal and I think it's okay right now.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
