The Sophos firewall has an option to distribute the default route via OSPF. However, by default, Sophos firewalls that receive this route will not apply it.
Enable distributing default route
To enable distributing the default route (Default-information originate), you can check this option under Configuring > Routing > OSPF when you unfold the “Advanced settings”.
Regular: This will advertise the default route if it exists in the routing table.
Always: This will advertise the default route even if a default route does not exist.
Allow the default route
On the Sophos firewall(s) connected via OSPF, you should accept the route in the kernel. This can be done via a command in the console. You can connect via SSH, or from within the web interface by clicking on the firewall name at the top right and selecting “Console” in the dropdown menu.

Within the console, log in with the admin account and select option “3. Route Configuration”, then select option “1. Configure Unicast Routing”, and finally select option “2. Configure OSPF”. Enter the commands below to accept the default route in the kernel:
ospf> enable
ospf# configure terminal
ospf(config)# router ospf
ospf(config-router)# ospf push-default-route-to-kernel
To disable this option, follow the steps above, but use the following command instead:
ospf(config-router)# no ospf push-default-route-to-kernel