Hello, Brandon Wright here again with another helpful tip for your WatchGuard firewall. This time I will be demonstrating how to configure Dynamic Routing with OSPF. Dynamic Routing opens up several features that you can take advantage of. For one, all of the sites you have connected through that MPLS or ELAN connection will share their networks, allowing them to fully talk to one another without adding static routes for every new subnet. Let’s look at how quickly we can set this up.
In Policy Manager, we will go to Network, and then Dynamic Routing. First, we will need to select the checkbox labeled “Enable Dynamic Routing”. Next, we will select the “OSPF” tab, and select the “Enable OSPF” box. Then we are able to enter the configuration.
I will include a sample configuration in the Description of this video. All you will need to do is paste it into the window, and edit some of the settings for your application. You can also add it to a text document and import it:
router ospf
ospf router-id 192.168.100.1
network 192.168.100.0/30 area 0.0.0.0
network 10.0.20.0/24 area 0.0.0.0
passive-interface eth0
passive-interface eth1
passive-interface eth2
passive-interface eth3
passive-interface eth4
passive-interface eth5
passive-interface eth6
passive-interface eth7
passive-interface eth8
passive-interface eth9
passive-interface eth10
passive-interface eth11
passive-interface eth12
So, let me explain a few of these settings. The first line actually enables the OSPF configuration. The second line assigns an ID to the firewall. Usually it is best to use the local IP address of the firewall on the network it will share the routes through.
The next group of lines specifies the networks that will be advertised through OSPF, as well as the network it will be shared on. The order in which they are entered does not matter, and for this simple configuration, we will be assigning everything to a single area. In this case, the 192 network is our internal trusted network, and the 10 network is our MPLS connection.
The next set of lines is used to EXCLUDE an interface from sharing the OSPF routes. So, if an interface is listed here, it will listen for advertised OSPF routes, but will not share its own routes through that interface. In this case, all interfaces except for 13, which is our MPLS network, are excluded from sharing the routes.
We can now save this configuration. It will prompt you that a policy for OSPF will be created if one is not already enabled.
The same process will need to be applied to the other remote firewalls, with the location-specific information changed, meaning the ID and local networks are the primary changes. I have already applied them to the second firewall in my case. If we open “Firebox System Monitor”, and go to the “Status Report”, we will be able to scroll or search for OSPF and see the routing table shared between the two devices.
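Since the same text gets edited by hand for every remote firewall, it is worth checking each copy before importing it. The following is an added example, not part of the original video or its description: a small Python check that parses only the four statement types shown above and confirms every interface except the MPLS one is listed as passive. The function name audit_ospf, the 14-port layout (eth0 to eth13) and the router-id check are assumptions made for the illustration.

```python
import ipaddress
import re

# The sample configuration from this page: eth0..eth12 passive, eth13 left out.
SAMPLE = (
    "router ospf\n"
    "ospf router-id 192.168.100.1\n"
    "network 192.168.100.0/30 area 0.0.0.0\n"
    "network 10.0.20.0/24 area 0.0.0.0\n"
    + "".join(f"passive-interface eth{i}\n" for i in range(13))
)


def audit_ospf(config, interfaces, ospf_interface):
    """Return a list of findings; an empty list means the config passed."""
    findings, networks, passive, router_id = [], [], set(), None
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if not lines or lines[0] != "router ospf":
        findings.append("first line must be 'router ospf'")
    for ln in lines[1:]:
        if m := re.fullmatch(r"ospf router-id (\S+)", ln):
            try:
                router_id = ipaddress.IPv4Address(m.group(1))
            except ValueError:
                findings.append(f"invalid router-id: {m.group(1)}")
        elif m := re.fullmatch(r"network (\S+) area \S+", ln):
            try:
                # strict=True rejects host bits such as 10.0.20.5/24
                networks.append(ipaddress.IPv4Network(m.group(1), strict=True))
            except ValueError:
                findings.append(f"invalid network: {m.group(1)}")
        elif m := re.fullmatch(r"passive-interface (\S+)", ln):
            passive.add(m.group(1))
        else:
            findings.append(f"unrecognized line: {ln}")
    # Heuristic based on the advice above to use a local address as the ID.
    if router_id and not any(router_id in n for n in networks):
        findings.append(f"router-id {router_id} is not in any advertised network")
    if ospf_interface in passive:
        findings.append(f"{ospf_interface} is passive, so no routes are shared on it")
    for ifc in sorted(set(interfaces) - passive - {ospf_interface}):
        findings.append(f"{ifc} is not passive")
    for ifc in sorted(passive - set(interfaces)):
        findings.append(f"passive-interface names unknown interface {ifc}")
    return findings


if __name__ == "__main__":
    ifaces = [f"eth{i}" for i in range(14)]  # assumed port count for this example
    print(audit_ospf(SAMPLE, ifaces, "eth13") or "OK")
```
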
I hope you enjoyed this little tutorial. Subscribe to be informed of all future guides. Next time I will go through BGP configurations!