Problem and solution when the OSPF status is abnormal

To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps:

1. Check the OSPF status.
Check whether the OSPF neighboring relationship can be established between the firewall and the peer device.

2. If no, check the security policy configuration.
Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function.

To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded.

For details, see OSPF can not step into full state caused by security policy deny.

Scroll to top