Create core elements for dynamic routing

Create the elements that contain dynamic routing configuration information. The elements can be used in multiple Firewalls, Virtual Firewalls, and Firewall Clusters.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Other Elements > Dynamic Routing Elements.
  3. Browse to BGP Elements, OSPFv2 Elements, or PIM Elements.
  4. Right-click the type of element that you want to create, then select New <element type>.
  5. Adjust the properties as needed, then click OK.

BGP Profile Properties dialog box

Use this dialog box to create a BGP Profile element.

For information about Quagga syntax, see http://www.nongnu.org/quagga/docs.html.

Option Definition
General tab
Name The name of the element.
Port The port to use for BGP communications.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.
Option Definition
Distance tab
External (eBGP) Enter the administrative distance for external BGP routes.
Internal (iBGP) Enter the administrative distance for internal BGP routes.
Local (Aggregation) Enter the administrative distance for local BGP routes.
Subnets Click Add to add a row to the table, then enter the subnet and administrative distance in the Subnet and Administrative Distance columns.

To select an element that represents a subnet, double-click the cell.

Subnet The subnet to aggregate.
Administrative Distance The administrative distance of the subnet.
Add Adds a row.
Remove Removes the selected row.
Option Definition
Redistribution tab
Redistribute routes from Select where to redistribute routes from.
  • Kernel — Uses the redistribute kernel command.
  • Static — Uses the redistribute static command.

    If selected, the SMC sends the routes generated in routing to Quagga to be distributed in a static way.

    Note: NetLink routes are skipped, and routes using dynamic interfaces are currently not supported.
  • Connected — Uses the redistribute connected command.
Option Definition
Aggregation tab Click Add to add a row to the table, then enter the subnet and aggregation mode in the Subnet and Aggregation Mode columns. To select an element that represents a subnet, double-click the cell.
Subnet The subnet to aggregate.
Aggregation Mode Uses the aggregate-address command. Select from the following:
  • Aggregate — Uses the aggregate-address $ command.
  • Aggregate with AS Set — Uses the aggregate-address $ as-set command.
  • Summary Only — Uses the aggregate-address $ summary-only command.
  • Aggregate with AS Set and Summary — Uses the aggregate-address $ as-set summary-only command.
Add Adds a row.
Remove Removes the selected row.

Autonomous System Properties dialog box

Use this dialog box to create an Autonomous System element.

Option Definition
Name The name of the element.
Autonomous System (AS) Number Enter the Autonomous System (AS) number in decimal notation.
Note: Hover the cursor over the number to see the number in dot notation.
BGP Version The version of BGP used. This option cannot be changed.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

BGP Peering Properties dialog box

Use this dialog box to create a BGP Peering element.

For information about Quagga syntax, see http://www.nongnu.org/quagga/docs.html.

Option Definition
General tab
Name The name of the element.
Connection Profile To select the BGP Connection Profile to use, click Select.
TCP MD5 Password Enter the TCP MD5 password used to authenticate to other BGP peers. Uses the command password $. If you do not enter a password, the password defined in the BGP Connection Profile is used.
Note: The password is shown in plain text when previewing the configuration in Quagga format.
Hide When deselected, displays the password in plain text.
Filter Type The type of filter to use as an inbound or outbound filter.
Inbound Filter The Access List or Route Map to use as an inbound filter.
Outbound Filter The Access List or Route Map to use as an outbound filter.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.
Option Definition
Advanced tab
Local AS (eBGP Only) Uses the local-as command. Select from the following:
  • Not Set — The command is not used.
  • prepend — Uses the local-as $ command.
  • no-prepend — Uses the local-as $ no-prepend command.
  • no-prepend and replace as — Uses the local-as $ no-prepend replace-as command.
If you select prepend, no-prepend, or no-prepend and replace as, enter the Autonomous System (AS) number in decimal notation in the field to the right. Hover the cursor over the number to see the number in dot notation.
Maximum Prefix Uses the maximum-prefix command. Select from the following:
  • Not Enabled — The command is not used.
  • Enabled — Uses the maximum-prefix $ command.
  • Warning Only — Uses the maximum-prefix $ warning-only command.
If you select Enabled or Warning Only, enter the value (1-128) in the field to the right.
Send Community Uses the send-community command. Select from the following:
  • No — The command is not used.
  • Standard — Uses the send-community standard command.
  • Extended — Uses the send-community extended command.
  • Standard and Extended — Uses the send-community both command.
Connected Check Uses the disable-connected-check command. Select from the following:
  • Disabled — The command is used.
  • Enabled — The command is not used.
  • Automatic — The command is not used when the BGP Peering element is added to a directly connected network. Otherwise, it is used.
TTL Check Mechanism Select from the following:
  • Disabled — There is no TTL check.
  • TTL Security — Uses the ttl-security command.
  • eBGP Multihop — Uses the ebgp-multihop command.
If you selected TTL Security or eBGP Multihop, and you do not want the hops value to be calculated automatically, manually enter the value in the Hops Value field.
Remove Private AS (eBGP Only) Uses the remove-private-AS command.
Soft Reconfiguration Inbound Uses the soft-reconfiguration inbound command.
Don't Send Capabilities Uses the dont-capability-negotiate command.
Override Received Capabilities Uses the override-capability command.
Route Reflector Client (iBGP Only) Uses the route-reflector-client command.
Next Hop Self Uses the next-hop-self command.
Outbound Route Filtering (ORF) Uses the capability orf prefix-list command. Select from the following:
  • Disabled — The command is not used.
  • Send — Uses the capability orf prefix-list send command.
  • Receive — Uses the capability orf prefix-list receive command.
  • Send and Receive — Uses the capability orf prefix-list both command.
IP Prefix Access List Shows the Prefix list to be used for the Send and Send and Receive options for the Outbound Route Filtering (ORF) command. To select the IP Prefix Access List to use, select the Access List as the inbound filter on the General tab.

BGP Connection Profile Properties dialog box

Use this dialog box to create a BGP Connection Profile element.

Option Definition
Name The name of the element.
TCP MD5 Password The TCP MD5 password used to authenticate to other BGP peers.
Note: The password is shown in plain text when previewing the configuration in Quagga format.
Hide When deselected, displays the password in plain text.
Timer Settings
  • Session Keep Alive Timer — Uses the timers <keep alive value> <hold value> command.
  • Session Hold Timer — Uses the timers <keep alive value> <hold value> command.
  • Connect Retry Timer — Uses the timers connect $ command.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.
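
Because the Quagga-format preview shows the TCP MD5 password in plain text (BGP Peering and BGP Connection Profile dialog boxes), and the Advanced tab options map directly to neighbor commands, a preview can be redacted and checked before it is shared or deployed. The following Python sketch is an added example, not SMC or Quagga code; the function names, the sample configuration, and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample of a Quagga-format bgpd preview; all addresses, AS numbers,
# route-map names and passwords are made up for this example.
SAMPLE_PREVIEW = """\
router bgp 64512
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 password S3cretPeerKey
 neighbor 192.0.2.1 maximum-prefix 100
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.1 route-map FROM-ISP in
 neighbor 198.51.100.7 remote-as 64497
 neighbor 198.51.100.7 ebgp-multihop 5
 neighbor 198.51.100.7 maximum-prefix 100 warning-only
 neighbor 203.0.113.9 remote-as 64512
 neighbor 203.0.113.9 password AnotherKey
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(.+?)\s*$")
PASSWORD = re.compile(r"^([ \t]*neighbor[ \t]+\S+[ \t]+password[ \t]+)\S.*$", re.M)
INBOUND = re.compile(r"^(route-map|prefix-list|distribute-list|filter-list)\s+\S+\s+in$")


def redact(preview):
    """Mask TCP MD5 passwords so the preview can be attached to a ticket."""
    return PASSWORD.sub(r"\1<redacted>", preview)


def audit(preview):
    """Return {peer: [findings]} for the eBGP neighbors in a bgpd preview."""
    local_as, peers = None, {}
    for line in preview.splitlines():
        m = re.match(r"^\s*router bgp (\d+)", line)
        if m:
            local_as = m.group(1)
            continue
        m = NEIGHBOR.match(line)
        if m:
            peers.setdefault(m.group(1), []).append(m.group(2))
    report = {}
    for peer, cmds in peers.items():
        remote = next((c.split()[1] for c in cmds if c.startswith("remote-as ")), None)
        if remote is None or remote == local_as:
            continue  # iBGP peer or no remote-as line: not judged by these checks
        findings = []
        if not any(c.startswith("password ") for c in cmds):
            findings.append("no TCP MD5 password")
        mp = [c for c in cmds if c.startswith("maximum-prefix ")]
        if not mp:
            findings.append("no maximum-prefix limit")
        elif any(c.endswith("warning-only") for c in mp):
            findings.append("maximum-prefix is warning-only")
        if not any(c.startswith("ttl-security ") for c in cmds):
            findings.append("no ttl-security")
        if not any(INBOUND.match(c) for c in cmds):
            findings.append("no inbound filter")
        report[peer] = findings
    return report
```

A finding is a prompt to review the peering, not an error: a multihop peer, for example, cannot use TTL Security because the two options are alternatives in the TTL Check Mechanism setting.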

External BGP Peer Properties dialog box

Use this dialog box to create an External BGP Peer element.

Option Definition
Name The name of the element.
IP Address The IP address of the external BGP Peer.
Port The port used to send the BGP routing information.
Autonomous System (AS) Select the Autonomous System element to use.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

OSPFv2 Domain Settings dialog box

Use this dialog box to create an OSPFv2 Domain Settings element.

For information about Quagga syntax, see http://www.nongnu.org/quagga/docs.html.

Option Definition
Name The name of the element.
ABR Type Set the value for ospf abr-type. If an area border router (ABR) does not have a working connection to area 0 by the standard definition, it should not consider routes through non-backbone areas as valid.
  • Cisco — Uses an alternative algorithm as documented in RFC 3509. This option allows routing through non-backbone areas when the backbone link is down.
  • Standard — Uses the standard as defined in RFC 2328.
  • Shortcut — Allows routing through non-backbone areas when they offer a better route. For details, see https://www.ietf.org/archive/id/draft-ietf-ospf-shortcut-abr-02.txt.
Throttle Timer Settings section Throttle timers define the time between consecutive shortest path first (SPF) calculations. The initial delay is the time between an event triggering SPF calculation and the calculation being complete.

Hold timers define the delay between SPF calculations. The timer increases from the initial hold time until the maximum hold time is reached. The hold time resets if SPF calculation is not triggered in adaptive hold time. This feature prevents SPF calculations from consuming resources.

Initial delay Set the value for the timers throttle spf delay command in milliseconds.
Initial Hold Time Set the value for the timers throttle spf initial-holdtime command in milliseconds.
Max Hold Time Set the value for timers throttle spf max-holdtime in milliseconds.
Max Metric Router LSA section The link-state advertisement (LSA) metric settings can be used to route traffic around a router while it starts up or shuts down. This option causes transit links to be advertised at an infinite distance, causing the rest of the network to use alternative routes. This option requires redundant routes to be available.
On Startup Set the value for the max-metric router-lsa on-startup command in seconds.
On Shutdown Set the value for the max-metric router-lsa on-shutdown command in seconds.
Auto-Cost Reference Bandwidth Set the value for the auto-cost reference-bandwidth command in megabits per second. This value is used in OSPF cost calculation.
Deprecated Path Reference Algorithm (RFC 1583 Compatibility) Select this option for compatibility with RFC 1583. This option removes the routing loop prevention mechanism defined in RFC 2328. We do not recommend selecting this option.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.
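
The effect of the Throttle Timer Settings on a flapping network can be seen with a small model. The following Python sketch is an added example, not SMC or Quagga code. It assumes the behaviour described in the Quagga documentation for timers throttle spf: a trigger that arrives within the current hold time raises the hold time by the initial hold time, capped at the maximum, and a quiet period resets it. The function name and timer values are assumptions.

```python
# Constructed input: an LSA that flaps every 100 ms for 15 seconds.
FLAP_EVENTS_MS = list(range(0, 15001, 100))


def spf_schedule(events_ms, delay, initial_hold, max_hold):
    """Return the start times (ms) of SPF runs for the given trigger times.

    Simplified model: a trigger that arrives while a run is already
    scheduled is absorbed by that run.
    """
    runs = []
    multiplier = 1  # current hold time = initial_hold * multiplier, capped
    for t in sorted(events_ms):
        if not runs:
            runs.append(t + delay)  # first trigger: only the initial delay
            continue
        last = runs[-1]
        if t < last:
            continue  # a run is already scheduled; it covers this trigger
        hold = min(initial_hold * multiplier, max_hold)
        elapsed = t - last
        if elapsed < hold:
            # Trigger inside the hold time: back off further next time.
            if hold < max_hold:
                multiplier += 1
            wait = max(hold - elapsed, delay)
        else:
            # Quiet for longer than the hold time: reset to the initial value.
            multiplier = 1
            wait = delay
        runs.append(t + wait)
    return runs


def gaps(runs):
    """Spacing between consecutive SPF runs, in milliseconds."""
    return [b - a for a, b in zip(runs, runs[1:])]
```

With an initial delay of 200 ms, an initial hold time of 1000 ms and a maximum hold time of 4000 ms, the 151 triggers in the constructed input produce seven SPF runs, and the spacing settles at the maximum hold time.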

OSPFv2 Profile dialog box

Use this dialog box to create an OSPFv2 Profile element.

Option Definition
General tab
Name The name of the element.
OSPFv2 Domain Settings Select the OSPFv2 Domain Settings element to use.
Option Definition
Distance tab Intra area settings affect routes in the same area. Inter area settings affect routes advertised to other areas. The external distance changes the administrative distance of redistributed routes.
Intra Area Distance [O IA] Enter the distance value for the intra-area command.
Inter Area Distance [O] Enter the distance value for the inter-area command.
External Distance [E1-E2] Enter the distance value for the external command.
Redistribution tab Use this tab to redistribute external routes to OSPF.
Default Metric Enter the value for the default-metric command.
OSPF redistribution routes from Select the sources that you want to redistribute from.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

OSPFv2 Interface Settings dialog box

Use this dialog box to create an OSPFv2 Interface Settings element.

Option Definition
General tab
Name The name of the element.
Authentication Type Select the type of authentication to use. If you select Password, enter the password in the Password field. If you select Message Digest, select an OSPFv2 Key Chain element to use.
Option Definition
Advanced tab
Interface Cost Enter the interface cost value for the cost command.
Router Priority Enter the value for the priority command.
Retransmit Interval Enter the value for the retransmit-interval command in seconds.
Transmit Delay Enter the value for the transmit-delay command in seconds.
MTU mismatch detection Select this option to use the mtu-ignore option.
Hello Interval Type Select the type of hello interval to use. If you select Fast Hello, the hello packets are sent at more frequent intervals.
Hello Interval Enter the value for the hello-interval command in seconds.
Dead Interval Enter the value for the dead-interval command in seconds.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

OSPFv2 Area dialog box

Use this dialog box to create an OSPFv2 Area element.

Option Definition
General tab
Name The name of the element.
Area ID Enter the ID for the area.
Area Type Select the type of area to use.
  • Normal — Uses the normal type of area as defined in RFC 2328. This is an area that can be used as a transit network. Transit networks are networks capable of carrying data traffic that is neither locally originated nor locally destined.
  • Stub — Uses the stub option. A stub area does not receive route advertisements external to the AS.
  • Not so stubby — Uses the nssa option. The not-so-stubby area can import external routes and send them to other areas.
Option Definition
ABR tab
Subnet To select the network, double-click the Subnet cell.
Summarized for other areas Select from the following options for the summary-address command:
  • Aggregate — Summarizes intra area paths from the specified area into one Type-3 summary-LSA that is announced to other areas.
  • Not-advertise — Uses the not-advertise option. Instead of summarizing intra area paths, they are filtered. The paths are not advertised to other areas.
  • Substitute with — Substitutes a summarized prefix with another prefix. Select the Network element to use as a substitute.
Add Adds a row to the table.
Remove Removes the selected row from the table.
Area Default Cost Enter the value for the default-cost command.
Shortcut capable Area Uses the shortcut option.
Filter table Select inbound and outbound filters for the IP Access List and IP Prefix List.
Option Definition
Virtual Links tab
Virtual Links table Add the router IDs for endpoints A and B. To use an alternative OSPFv2 Interface Settings element, double-click the Interface Settings cell.
Add Adds a row to the table.
Remove Removes the selected row from the table.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

OSPFv2 Key Chain dialog box

Use this dialog box to create an OSPFv2 Key Chain element.

Option Definition
Name The name of the element.
Key Chain table
  • Send Key — When you have several rows of keys, select which key is valid.
  • Key ID — A unique identifier for the key.
  • Key — Enter the key.
  • Comment — An optional comment for your own reference.
Add Adds a row to the table.
Remove Removes the selected row from the table.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

PIM Profile Properties dialog box

Use this dialog box to create a PIM Profile element.

Option Definition
General tab
Name The name of the element.
Multicast Group Enter a multicast IPv4 network.
PIM Mode
  • PIM-SM — Uses PIM sparse mode.
  • PIM-SSM — Uses PIM source-specific mode.
  • PIM-DM — Uses PIM dense mode.
RP or Mapping Enter the rendezvous point (RP) IP address for PIM-SM or define the mapping for PIM-SSM. This option is not used with PIM-DM.
  • When PIM-SM is used, enter a unicast IPv4 address to use as the RP. Leave the cell blank to dynamically use the bootstrap router (BSR) settings.
    Note: Configure the BSR settings in the Engine Editor only if you want to use the firewall as a BSR or RP candidate.
  • When PIM-SSM is used, enter a unicast IPv4 address or domain name suffix to be the source address for any multicast traffic from the defined multicast group. If a domain name suffix is used, the DNS resolving combines the suffix and the group to determine the source address. IGMPv2 queries can be automatically mapped to IGMPv3. If the field is left blank, SSM mapping is not performed, and IGMPv3 is used by default.
Add Adds a row.
Remove Removes the selected row.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.
Option Definition
Advanced tab
Hello Interval Enter how often hello messages are sent in seconds.
Join-Prune Interval Enter how often join/prune messages are sent in seconds.
SPT Switch Threshold This setting determines when to switch from a shared tree that routes through a designated router (DR), to a shortest-path tree (SPT).

Select the unit from the drop-down list.

  • Kbit/s — After the specified network speed is reached, the routing switches to the SPT.
  • Packets — After the specified number of packets is sent, the routing switches to the SPT.
  • Infinite — The routing never switches to the SPT.
SPT Switch Interval Enter how frequently the SPT switch threshold state is checked in seconds.
Smart Multicast Antispoofing When selected, antispoofing rules are automatically configured to avoid inadvertently blocking multicast traffic. We recommend that you enable this option.

PIM Interface Settings dialog box

Use this dialog box to create a PIM Interface Settings element.

Option Definition
Name The name of the element.
IGMP Settings Select an IGMP Querier Settings element. The element defines the IGMP version and query parameters.
DR Priority Enter the designated router (DR) priority that is advertised in hello messages.
ZBR for Groups Enter multicast groups for zone border routers (ZBR). To enter multiple multicast groups, separate them with a comma. The listed multicast groups do not pass through the interface.
Random Delay Enter the random delay before hello messages are sent. The delay prevents PIM routers from receiving multiple hello messages at the same time.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.

IGMP Querier Settings dialog box

Use this dialog box to create an IGMP Querier Settings element.

Option Definition
Name The name of the element.
IGMP Version Select the version of IGMP to use.
Query Interval (QDI) Enter how often the hello packet is sent in seconds. This option is not supported when the IGMP version is IGMPv1.
Robustness Enter the robustness value. If you expect packet loss in the network, increase this value to send more IGMP messages. This option is not supported when the IGMP version is IGMPv1 or when the IGMP Querier Settings element is used for PIM.
Comment An optional comment for your own reference.
Category Shows the assigned category. Click Select to include the element in predefined categories.