Restrictions and precautions for using OSPF

Restrictions and precautions for using OSPF are as follows:
To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, OSPF unicast packets are not forwarded under the control of security policies. Therefore, you need to configure a security policy on the FW to permit the OSPF packets between the Local zone and the security zone where the neighboring device resides. Otherwise, the OSPF neighboring relationship fails to be established.
Or you can run the undo firewall packet-filter basic-protocol enable command to disable the function of security policy control over OSPF unicast packets. After that, the firewall directly forwards OSPF unicast packets even if a security policy whose action is deny is configured.

Scroll to top