Perform the following steps to monitor OSPF and BGP status on the firewall:
1. Choose Network > Route > Dynamic Route Monitoring Table.
2. On the OSPFv2 Route List page, view detailed OSPFv2 route information.
3. On the BGP Route List page, view detailed BGP route information.

Problem and solution when the OSPF status is abnormal
If the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps:
1. Check the OSPF status. Check whether the OSPF neighbor relationship can be established between the firewall and the peer device.
2. If not, check the security policy configuration. Check whether the security policy control function for unicast packets is enabled, that is, whether the firewall packet-filter basic-protocol enable command is configured. If it is, run the undo firewall packet-filter basic-protocol enable command to disable the function.

To establish an OSPF neighbor relationship, devices need to exchange DD packets, which are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you must also configure a corresponding security policy that allows the packets to be forwarded. For details, see OSPF can not step into full state caused by security policy deny.
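An added example (not from the original page or from the vendor): a Python check over an exported configuration that flags the case described above, where the control command is configured but no security policy permits OSPF. The sample configuration is constructed, and the security-policy rule layout with `service ospf` is an assumption; the check does not verify that a rule's zones match the OSPF interface.

```python
import re

CONTROL_CMD = "firewall packet-filter basic-protocol enable"

# Constructed sample export. The rule layout below is assumed for illustration.
SAMPLE_CONFIG = """\
firewall packet-filter basic-protocol enable
#
ospf 1
 area 0.0.0.0
#
security-policy
 rule name allow_web
  source-zone trust
  destination-zone untrust
  service http
  action permit
#
"""

def basic_protocol_control_enabled(config):
    """True if the command is configured; the 'undo' form does not match."""
    return any(line.strip() == CONTROL_CMD for line in config.splitlines())

def security_rules(config):
    """Return {rule name: [rule lines]} from the security-policy section."""
    rules, current, in_section = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line opens or closes a section
            in_section, current = (line == "security-policy"), None
        elif in_section:
            m = re.match(r"rule name (\S+)", line)
            if m:
                current = rules.setdefault(m.group(1), [])
            elif current is not None:
                current.append(line)
    return rules

def ospf_permit_rules(config):
    """Names of rules that both name the OSPF service and permit it."""
    return [name for name, body in security_rules(config).items()
            if "service ospf" in body and "action permit" in body]

def audit(config):
    if not basic_protocol_control_enabled(config):
        return "not-controlled"              # default: policies do not filter OSPF unicast
    return "controlled-permit-present" if ospf_permit_rules(config) else "controlled-no-permit"

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A result of controlled-no-permit corresponds to the condition in step 2: DD packets are subject to security policy and nothing allows them.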

Meanings of BGP peer status
In addition to the common Idle and Established status, a BGP peer can also have the following status:
1. active: indicates that the TCP connection of the BGP session has not been established.
2. no neg: indicates that negotiation has not been performed. For example, if IPv4 Unicast is configured at one end, and IPv4 Unicast and IPv4 Multicast are configured at the other end, then after the peer is established, the IPv4 Unicast negotiation succeeds and the BGP peer is in Established status. However, IPv4 Multicast is in no neg status because IPv4 Multicast is not configured at one end.
3. Idle (Admin): indicates that the BGP peer has been proactively disabled and that there is no attempt to establish it again. If the peer ignore command is executed, or the peer is set to down through the MIB, the peer remains in this status.

Configuring the BGP priority on the firewall
The method for modifying the BGP priority on the USG2000&5000&6000 is as follows:
- Modifying the BGP priority:
  [USG]bgp 25212
  [USG-bgp]ipv4-family unicast
  [USG-bgp-af-ipv4]preference 120

Why OSPF cannot import BGP routes
As defined in RFC 1364, OSPF cannot import IBGP routes: routes learned via IBGP must not be imported into OSPF. OSPF, however, can import IBGP routes on a PE. BGP routes exist in a VPNv4 routing table on a device functioning as a PE but cannot be imported to OSPF. This is because the role of the device changes from a PE to an MCE after the vpn-instance-capability simple command is run in the OSPF process.
Solution: If the device needs to function as a PE, run the undo vpn-instance-capability command on the device.

