
OSPF

Show Routes Learned

To see routes being learned by OSPF, use the following command:

show routing protocol ospf lsdb

Show Routes Exported

To see what routes we are exporting to OSPF from all virtual routers, use the following command:

show routing protocol redist ospf

To limit the output to a specific virtual router, use the following command:

show routing protocol redist ospf virtual-router VR_NAME

OSPF Redistribution

If you enable OSPF and export a redistribution profile that has the source type configured but no filters, all routes will be exported.
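One way to audit for this condition offline, as an added example that is not part of the original page or any Palo Alto Networks tooling: the script flags redistribution profiles that are exported to OSPF with a source type but no narrowing filter. The XML layout and the element names (`redist-profile`, `export-rules`, `destination`, `interface`, `nexthop`) are assumptions modelled on an exported configuration, and the sample data is constructed; adjust both to match your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names are assumptions modelled on an exported
# configuration, not copied from a real device. Adjust to match your export.
SAMPLE = """
<virtual-router>
  <entry name="VR_NAME">
    <protocol>
      <redist-profile>
        <entry name="static-all">
          <filter><type><member>static</member></type></filter>
        </entry>
        <entry name="loopback-only">
          <filter>
            <type><member>static</member></type>
            <destination><member>192.0.2.1/32</member></destination>
          </filter>
        </entry>
      </redist-profile>
      <ospf><export-rules><entry name="static-all"/><entry name="loopback-only"/></export-rules></ospf>
    </protocol>
  </entry>
</virtual-router>
"""

NARROWING = ("destination", "interface", "nexthop")  # assumed filter element names

def unfiltered_ospf_exports(xml_text):
    """Return (virtual router, profile) pairs exported to OSPF with a source type but no filters."""
    findings = []
    root = ET.fromstring(xml_text)
    for vr in root.findall("entry"):
        proto = vr.find("protocol")
        if proto is None:
            continue
        # Only profiles actually referenced by an OSPF export rule matter here.
        exported = {e.get("name") for e in proto.findall("ospf/export-rules/entry")}
        for prof in proto.findall("redist-profile/entry"):
            flt = prof.find("filter")
            has_type = flt is not None and flt.find("type/member") is not None
            narrowed = flt is not None and any(
                flt.find(f"{tag}/member") is not None for tag in NARROWING)
            if prof.get("name") in exported and has_type and not narrowed:
                findings.append((vr.get("name"), prof.get("name")))
    return findings

if __name__ == "__main__":
    for vr, prof in unfiltered_ospf_exports(SAMPLE):
        print(f"{vr}: profile '{prof}' is exported to OSPF with a source type but no filters")
```
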

Setting Metrics

To set the metric of the OSPF route to all OSPF peer IP addresses in the firewall's routing table, edit the following field.

Router > OSPF > Areas > 0.0.0.0 > Interface > [interface id] > Metric

To set what the peer appliance uses as a metric on the route it learns from the firewall, set the value in the Metric option of the OSPF export rule. If Ext2 is selected, then the peer appliance uses this value in its routing table. If Ext1 is selected, then the peer appliance uses this value added to a value of its own in its routing table. If the peer appliance is a Palo Alto Networks firewall, you can set the peer appliance's value at the following location.

Router > OSPF > Areas > 0.0.0.0 > Interface > [interface id] > Metric

OSPF Over VPN

When setting OSPF over VPN links (tunnel interfaces), make sure that Link Type is set to p2p at the following configuration location.

Router > OSPF > Areas > 0.0.0.0 > Interface > tunnel.9 > Link Type

Summarise Routes

With OSPF, you can summarise routes from one area to another if the firewall has an interface in one area and another interface in another area.

When you have a firewall with a leg in 0.0.0.0 and a leg in 0.0.0.2, if you configure “Range” in 0.0.0.0 with the summary path you want, that summary will be distributed, along with all other routes, into 0.0.0.2.

If you have two firewalls (active/active) doing this, set the area 0.0.0.0 > Interface metric of the primary to 10 and the area 0.0.0.0 > Interface metric of the secondary to 11. OSPF peers in the 0.0.0.2 area will then prefer to get their 0.0.0.0 area routes from the primary.

Redistribute Loopback IP

If you want to redistribute loopback addresses, you will need to create a local static route that points the loopback IP (/32) to itself (IP) as the next hop. You can then redistribute the static route.
