01-23-2017 10:09 PM
Greetings all,
I've been looking over some possible improvements to consider as we're moving our firewall deployment closer to production. We've got a lot of Cisco equipment through our core along with a switch VSS that runs various VRFs surrounding the PAN firewall. I noticed the Cisco implementation of OSPFv3 is supporting IPv4 address families as well as IPv6 in some of their newer firmware.
I was just wondering if Palo Alto is moving in that direction as well in a future software release? I'm on the latest but, just looking at configuring an OSPFv3 area now, it seems to be IPv6 only at this time.
Thanks!
01-24-2017 05:47 AM - edited 02-16-2017 10:53 AM
Hi,
Correct, for the moment, OSPF V3 in palo is only supported for IPV6. As PANOS V8 should be annonced soon, maybe we will have news about new implementation.
Question is: What is the most efficient, merge everything in OSPF V3 or spliting routing OSPF V2 for IPV4 and OSPF V3 for IPV6 and in case of problem, splitting origin of the problem ...
Hope help
V.
[Moderator Note: A glitch in the system caused an account error. This helpful post was added by member, VinceM. Sorry for the inconvenience.]
01-24-2017 05:47 AM - edited 02-16-2017 10:53 AM
Hi,
Correct, for the moment, OSPF V3 in palo is only supported for IPV6. As PANOS V8 should be annonced soon, maybe we will have news about new implementation.
Question is: What is the most efficient, merge everything in OSPF V3 or spliting routing OSPF V2 for IPV4 and OSPF V3 for IPV6 and in case of problem, splitting origin of the problem ...
Hope help
V.
[Moderator Note: A glitch in the system caused an account error. This helpful post was added by member, VinceM. Sorry for the inconvenience.]
01-24-2017 02:59 PM - edited 01-24-2017 03:00 PM
Thanks for the reply.
Yes that is definitely a consideration... seperate routing allows for potential seperation of issues.
On the other hand, from my limited reading on the subject so far, OSPFv3 seems overall a bit easier to use (no need to specify networks in the ospf process for instance) and it's supposed to be more secure. I'm sure some of it is a convenience factor though... Cisco added IPv4 address support so that you didn't have to run a seperate OSPF process but not that you can't still.
*edit* I realize this is kind of off topic but I'm curious if anyone has heard when v8 might be announced? Also, I'm assuming most people wait a few release in before upgrading?
Thanks!
02-13-2017 02:41 PM
PAN-OS 8.0 was announced last week.
There was a "Colossal Security Event" where it was announced:
https://live.paloaltonetworks.com/t5/Colossal-Security-Event-2017/ct-p/colossal_event
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
