Do your peers happen to have authentication enabled? Filter the system.log for ospf messages or increase debugging and tail the routed.log
-debug routed on debug
-tail follow yes mp-log routed.log
@Reaper To be fair to me, we re-IP'd everything so we could have the palo and checkpoints up side by side for quick cutover, but my networking guy never gave me the right IP to point to.
Are you allowing ospf in your security rules (from interface to peer, from peer to interface)?
What would those rules look like? I didn't think I needed any. Is there a link to a doc that you know of?
@Reaper So just default intrazone should be good, yes?
Check if anything is getting blocked in either direction
I'll put that on my to-do list ;)
I keep waiting for you to ban me from the site. :)
I should probably give you a promotion :p
Do your peers happen to have authentication enabled? Filter the system.log for ospf messages or increase debugging and tail the routed.log -debug routed on debug -tail follow yes mp-log routed.log
No auth enabled.
As usual this was my fault. I wasn't using the correct IP on my subinterface. Heavy sigh.
Ah!
@Reaper To be fair to me, we re-IP'd everything so we could have the palo and checkpoints up side by side for quick cutover, but my networking guy never gave me the right IP to point to.