OSPF in a Active/Passive Firewall setup

Reply
L1 Bithead

OSPF in a Active/Passive Firewall setup

Hi,


I have a lab with a active/passive Palo Alto firewall setup. I have had a look at the Palo Guide for setting up OSPF at:

 

https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D8HwAAK&field=Attac...

 

From this, it looks like it is not possible to form an OSPF neighbour with a standby firewall. The situation I am looking to avoid is waiting for OSPF neighborships to form to the standby firewall in the event the primary firewall fails. The document mentions the only workaround is to use floating static routes to carry the traffic until OSPF is established and routes learned at which point the dynamic routes will be preferred.

 

I am trying to find a solution where I don't need to use floating static routes and there is no downtime from going to a standby firewall from active when using OSPF.

Tags (3)
Highlighted
L7 Applicator

Re: OSPF in a Active/Passive Firewall setup

@vvadia ,

The solution is the workaround mentioned in the article with floating statics to carry before the OSPF relationship establishes and passes the routes, that's the only way around it. 

L2 Linker

Re: OSPF in a Active/Passive Firewall setup

 

That article is outdated. Current versions of PANOS support Graceful Restart for OSPF.

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!