04-06-2020 04:44 AM
At the data center end, the Cisco ASA firewall is advertising the OSPF route, and at the perimeter end the Palo Alto receives the route, and the PA will forward that route toward Internet communication.
Expectation: if any specific route is received by the Palo Alto, it should be rejected or dropped on the Palo Alto itself. It should not be forwarded to any next hop.
How can we achieve this in the Palo Alto firewall?
04-06-2020 09:26 AM
You'll need to update your redistribution profile and ensure that you actually have the OSPF filters properly set up; it sounds like you currently aren't doing anything for filtering.
04-09-2020 03:24 AM
Thank you for your comments:
I am looking for something similar to a suppress or LSA controller.
Example: I have multiple branches across the city connected to the DC. I mean a Cisco router (branch) is connected to the Cisco ASA, the Cisco firewall acts as the DC FW, and it is connected to the Palo Alto as a perimeter firewall.
If any host wants to access the perimeter end, the host comes to the DC firewall, which is a Cisco ASA, and the Cisco has the role of forwarding the route to the next hop; it forwards it to the Palo Alto firewall, which receives it, and the route is an OSPF route.
Now the exception: suppose the Palo Alto receives an OSPF route from its neighbor, the Cisco ASA, and OSPF has 10 routes in the table. Here the Palo Alto has to make a decision on receiving the OSPF route: it should filter the route and either forward it to its next hop, or the Palo Alto has to reject or drop it itself.