Learning internal networks by OSPF (without propagating any)

Options
DNIS
DNIS Posts: 3 image  Freshman Member
First Comment
in USG FLEX H Series

We have received several USG FLEX 700H, which we want to connect with each other and to use to gain access to our network from the outside, by split-tunneling traffic towards the "internal" interface.

As our network is big and I do not want to add all different private and public networks/addresses manually, I wanted to ask, if the device is capable of speaking OSPF on the "internal" interface (ge14), so it can dynamically learn all reachable networks there?

Thank you for any pointers.

Accepted Solution

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,537 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi @DNIS ,

    Currently, the USG FLEX 700H does not support OSPF.

    You're welcome to check out and vote for the feature request at the link below:

    Implementing BGP, RIP and OSPF features for H series — Zyxel Community

    Zyxel_Judy

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,537 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @DNIS ,

    Since the USG FLEX 700H does not support OSPF, we'd like to help you find a suitable workaround using static routes.
    To better understand your setup and suggest the most appropriate solution, could you please provide the following details?
    1. Network topology and subnet planning

    • How many USG FLEX 700H devices do you have, and how are they connected to each other? (e.g., via VPN tunnel, direct link, or WAN?)
    • What are the internal subnets/network segments on each site? (e.g., 192.168.1.0/24, 10.0.0.0/8, etc.)
    • Which interface is used as the "internal" interface (ge14) on each device, and what networks are reachable through it?

     

    2. Traffic flow and access requirements

    • Which devices or networks need to access which? (e.g., remote VPN users need to reach all internal subnets, or Site A needs to reach Site B's internal servers?)
    • Is the split-tunneling applied to VPN clients coming in from outside, or between the USG FLEX 700H units themselves?
    • Are there any specific subnets that should or should not be accessible through the tunnel?

     

    The more detail you can share, the better we can tailor the workaround for your environment. A simple network diagram would also be very helpful if available.

    Zyxel_Judy

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)