I have a strange scenario here. To summarize, I had previously configured GlobalProtect on a Palo firewall and configured the Palo to redistribute that network range on the tunnel interface into OSPF. This worked without any problem.
Now, the IP address range for GlobalProtect users needed to change so I had to go and change the IP pool for GlobalProtect. No other changes to GlobalProtect configuration were made. However, since changing the IP pool, the Palo is no longer redistributing the tunnel interface IP range into OSPF.
Any suggestions on how to fix this without fully re-configuring GProtect from scratch?
Solved! Go to Solution.
I would start with reviewing your OSPF redistribution policies to make sure there are no filters that could be causing this.
Also the OSPF area config to see if there are entries in the Range.
clutching at straws here but did you also change the L3 IPv4 network address on the PA interface to accomodate the new pool range.
EDIT.... cancel that, just noticed you were using redistribution...
Had a look at the OSPF LSDB on other firewalls and realized that it was actually being redistributed. However, the other firewalls were preferring the same routing advert from a different firewall and so wasn't placing it in the routing table.
Thanks for your suggestions
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!