WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Using OSPF2 In the New Policy Properties window, configure the policy to allow traffic from the IP or networkaddress of the router using RIP to the multicast address 224.0.0.9.3 Click OK.Using OSPFNoteSupport for this protocol is available only in Fireware® Pro.OSPF (Open Shortest Path First) is an interior router protocol used in larger networks. With OSPF, arouter that sees a change to its routing table or that detects a change in the network immediately sendsa multicast update to all other routers in the network. OSPF is different than RIP because:• OSPF sends only the part of the routing table that has changed in its transmission. RIP sends thefull routing table each time.• OSPF sends a multicast only when its information has changed. RIP sends the routing table every30 seconds.There are also a few specific things it is important to understand about OSFP:• If you have more than one OSPF area, one area must be area 0.0.0.0 (the backbone area).• All areas must be adjacent to the backbone area. If they are not, you must configure a virtual linkto the backbone area.OSPF daemon configurationTo create or modify a routing configuration file, here is a catalog of supported routing commands. Thesections must appear in the configuration file in the same order they appear in this table. You can alsouse the sample OSPF configuration file found in this FAQ:https://www.watchguard.com/support/advancedfaqs/fw_dynroute-ex.asp332 WatchGuard System Manager
Using OSPFSection Command DescriptionConfigure Interfaceip ospf authentication-key [PASSWORD]interface eth[N]ip ospf message-digest-key [KEY-ID] md5 [KEY]ip ospf cost [1-65535]ip ospf hello-interval [1-65535]ip ospf dead-interval [1-65535]ip ospf retransmit-interval [1-65535]ip ospf transmit-delay [1-3600]ip ospf priority [0-255]Configure OSPF Routing Daemonrouter ospfospf router-id [A.B.C.D]ospf rfc 1583compatibilityospf abr-type [cisco|ibm|shortcut|standard]passive interface eth[N]auto-cost reference bandwidth [0-429495]timers spf [0-4294967295][0-4294967295]Enable OSPF on a Network*The “Area” variable can be typed in two formats: [W.X.Y.Z]; or as an integer [Z].network [A.B.C.D/M] area [Z]Configure Properties for Backbone Area or Other Areas*The “Area” variable can be typed in two formats: [W.X.Y.Z]; or as an integer [Z].area [Z] range [A.B.C.D/M]area [Z] virtual-link [W.X.Y.Z]Set OSPF authentication passwordBegin section to set properties forinterfaceSet MD5 authentication key ID andkeySet link cost for the interface (seeOSP Interface Cost table below)Set interval to send hello packets;default is 10 secondsSet interval after last hello from aneighbor before declaring it down;default is 40 secondsSet interval between link-stateadvertisements (LSA)retransmissions; default is 5secondsSet time required to send LSAupdate; default is 1 secondSet router priority; high valueincreases eligibility to become thedesignated router (DR)Enable OSPF daemonSet router ID for OSPF manually;router will determine its own ID ifnot setEnable RFC 1583 compatibility (canlead to routing loops)More information about thiscommand can be found in draftietf-abr-alt-o5.txtDisable OSPF announcement oninterface eth[N]Set global cost (see OSPF cost tablebelow); do not use with “ip ospf[COST]” commandSet OSPF schedule delay and holdtimeAnnounce OSPF on networkA.B.C.D/M for area 0.0.0.ZCreate area 0.0.0.Z and set aclassful network for the area (rangeand interface network and masksettings should match)Set virtual link neighbor for area0.0.0.ZUser Guide 333
- Page 300 and 301: Adding New Users to the PPTP_Users
- Page 302 and 303: Preparing the Client Computers- To:
- Page 304 and 305: Creating and Connecting a PPTP RUVP
- Page 306 and 307: Creating and Connecting a PPTP RUVP
- Page 308 and 309: Getting Started with WebBlocker4 In
- Page 310 and 311: Activating WebBlocker4 Click Next.5
- Page 312 and 313: Configuring WebBlocker2 Select the
- Page 314 and 315: Configuring WebBlocker3 Click the A
- Page 316 and 317: Scheduling a WebBlocker Action298 W
- Page 318 and 319: Installing the Software Licensespam
- Page 320 and 321: Activating spamBlocker3 From Policy
- Page 322 and 323: Creating Rules for Bulk and Suspect
- Page 324 and 325: Customizing spamBlocker Using Multi
- Page 326 and 327: Installing the Software LicensesIns
- Page 328 and 329: Configuring Gateway AntiVirusConfig
- Page 330 and 331: Configuring Gateway AntiVirus2 To s
- Page 332 and 333: Activating Intrusion Prevention (IP
- Page 334 and 335: Configuring Intrusion PreventionCon
- Page 336 and 337: Configuring Intrusion Prevention2 S
- Page 338 and 339: Configuring Intrusion PreventionCon
- Page 340 and 341: Getting Intrusion Prevention Servic
- Page 342 and 343: Creating QoS Actionsmanagement syst
- Page 344 and 345: Dynamic RoutingDynamic RoutingA rou
- Page 346 and 347: Using RIPSection Command Descriptio
- Page 348 and 349: Using RIP2 In the New Policy Proper
- Page 352 and 353: Using OSPFSection Command Descripti
- Page 354 and 355: Using OSPF4 Click Import to import
- Page 356 and 357: Using BGPRegion Registry Name Web S
- Page 358 and 359: Using BGPConfiguring Fireware Pro t
- Page 360 and 361: Using BGP342 WatchGuard System Mana
- Page 362 and 363: Selecting a Primary High Availabili
- Page 364 and 365: Configuring HA for Firebox X (non e
- Page 366 and 367: Upgrading Software in an HA Configu
- Page 368 and 369: (B) To use the SOFTWARE PRODUCT on
- Page 370 and 371: RENEWAL/UPGRADE REQUEST WILL NOT BE
- Page 372 and 373: conditions of use by WatchGuard of
- Page 374 and 375: LicensesDATA, OR PROFITS; OR BUSINE
- Page 376 and 377: Licenses"Derivative Works" shall me
- Page 378 and 379: LicensesANY DIRECT, INDIRECT, INCID
- Page 380 and 381: Licenses2. You may modify your copy
- Page 382 and 383: Licenses8. You may not copy, modify
- Page 384 and 385: LicensesYou may charge a fee for th
- Page 386 and 387: LicensesINCLUDING, BUT NOT LIMITED
- Page 388 and 389: Licenses1.2. "Compilation" means a
- Page 390 and 391: LicensesTHE VRT CERTIFIED RULES AND
- Page 392 and 393: LicensesNoteAll other trademarks or
- Page 394 and 395: Default File LocationsFile TypeHelp
- Page 396 and 397: Default File Locations378 WatchGuar
- Page 398 and 399: Packet Filter PoliciesAOLThe Americ
Using OSPFSection Command DescriptionConfigure Interfaceip ospf authentication-key [PASSWORD]interface eth[N]ip ospf message-digest-key [KEY-ID] md5 [KEY]ip ospf cost [1-65535]ip ospf hello-interval [1-65535]ip ospf dead-interval [1-65535]ip ospf retransmit-interval [1-65535]ip ospf transmit-delay [1-3600]ip ospf priority [0-255]Configure OSPF Routing Daemonrouter ospfospf router-id [A.B.C.D]ospf rfc 1583compatibilityospf abr-type [cisco|ibm|shortcut|standard]passive interface eth[N]auto-cost reference bandwidth [0-429495]timers spf [0-4294967295][0-4294967295]Enable OSPF on a Network*The “Area” variable can be typed in two formats: [W.X.Y.Z]; or as an integer [Z].network [A.B.C.D/M] area [Z]Configure Properties for Backbone Area or Other Areas*The “Area” variable can be typed in two formats: [W.X.Y.Z]; or as an integer [Z].area [Z] range [A.B.C.D/M]area [Z] virtual-link [W.X.Y.Z]Set OSPF authentication passwordBegin section to set properties forinterfaceSet MD5 authentication key ID andkeySet link cost for the interface (seeOSP Interface Cost table below)Set interval to send hello packets;default is 10 secondsSet interval after last hello from aneighbor before declaring it down;default is 40 secondsSet interval between link-stateadvertisements (LSA)retransmissions; default is 5secondsSet time required to send LSAupdate; default is 1 secondSet router priority; high valueincreases eligibility to become thedesignated router (DR)Enable OSPF daemonSet router ID for OSPF manually;router will determine its own ID ifnot setEnable RFC 1583 compatibility (canlead to routing loops)More information about thiscommand can be found in draftietf-abr-alt-o5.txtDisable OSPF announcement oninterface eth[N]Set global cost (see OSPF cost tablebelow); do not use with “ip ospf[COST]” commandSet OSPF schedule delay and holdtimeAnnounce OSPF on networkA.B.C.D/M for area 0.0.0.ZCreate area 0.0.0.Z and set aclassful network for the area (rangeand interface network and masksettings should match)Set virtual link neighbor for area0.0.0.Z<strong>User</strong> <strong>Guide</strong> 333