
Create OSPF with UTM to Fortigate-Router

Hi Everybody,

I want to connect two Sophos UTM clusters ("DMZ-UTM-1" & "DMZ-UMT-2") via OSPF to an external partner.
The reason is that I want to connect two local servers "SRV-1" & "SRV-2" with 2 external servers ("EXT-SRV-1" & "ESX-SRV-2") with full redundancy (4-Way - 8 Targets).
The used/needed protocol (IEC) is encrypted & stateful, and thus does not allow NATting (checksum errors in the packets)...
Classical routing will not work (in my opinion), as it would require full NAT to allow "sticky-reverse-route".

And as stateful firewalls are in place, the reverse packet has to be sent the same way back as it arrived.

So the idea is to use OSPF.

Problem is, till now I have never used OSPF.
You have to start some day.

Here is a scheme of what I would like to do...

I have so many questions:
1. Will there be only one OSPF area?
2. Are all my interfaces valid?
3. How can I only promote certain routes to OSPF (like only 4 needed routes - not 74 that really exist)?
4. Will there be a conflict between the two DMZ-UTM firewall clusters?
5. Will the failover work with the used path cost?
6. So many more ;-)


Here are pictures of my first try in a demo environment (different values used - sorry):
Main-Way is the preferred way. Backup means to use only in case of link-down.

Interfaces:

Area:

Global:

Advanced-Settings:

Sorry for so many questions, but I need to understand this system fast.

Thanks for any advice

Greetings - Franz


