Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 8063 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OSPF on Sophos XG 115 - not accepting auth type "none"

Marcelo Barcelos

 

I am replacing a SG UTM with a XG firewall, all the configuration was replicated, only OSPF between my Core Switch and an ASA Firewall (where the Sophos stays) gave problems. From the LAN (connected to an access switch and the Core switch), I couldn´t reach the ASA. My guess is the OSPF configuration. 

About the OSPF configuration, the only issue apparently, was the authentication type, my actual settings are for none (off in the case of the SG) and on the XG I don't seem to have that option.

Reading other forums with similar problems, I already set /configure/network/zones/wan/ and added "ping" and "Dynamic Routing" to the WAN port.

Thanks all.



This thread was automatically locked due to age.
  • 0

    Hi Marcelo,

    With the help from Leon (Sophos guy), I thought we've found the way to solve this.

    From my point of view, please ignore the GUI settings for any of the OSPF settings. it would be much easier to work through the CLI.

    Go to right up corner to access console, then choose option 3 "Route Configuration" then option 1 "Configure Unicast Routing", then option 2 "Configure OSPF", 

    You will get the prompt like "ospf>"

    use "en" to get into enable mode,"ospf#"

    conf t

    router ospf
    ospf router-id 12.12.12.12
    network 1.1.1.0/24 area 0.0.0.0
    network 10.10.101.0/24 area 0.0.0.0
    network 172.16.16.0/24 area 0.0.0.0

    It's quite similar with Cisco command line. 

    Just hoping this could help you out.

     

     

    Cheers,

    XP

  • 0

    Which firmware version are you using?

    When I try this it says "You must enter a value for Virtual Links or select Authentication". Doing either should allow you to save this.

    You only need to add an area if you are using more than the standard backbone 0.0.0.0

    You can check the OSPF database in the Information tab to confirm your routes.

  • 0 in reply to Sam Thompson

    Hi Sam,

    Not quite sure if this is for me, but I am using the 17.0.5 MR-5, should be the latest version of SFOS.

    The whole env I am working with is a test lab, I got the other brand router that connected to XG310 to test the WAN port OSPF connection.

    Just hoping this would be helpful.

    Thanks,

    XP

  • 0 in reply to Peng Xia

    Hello Peng,

    Sorry, my reply was for at the Marcelo and his original question.

    Thanks.