I have a requirement to dynamically learn routes on one side of a firewall pair and send them to the inside. I have suggested running one OSPF process on the outside and redistributing specific routes into another OSPF process on the inside. The firewall team have come back with a request to run OSPF "through" the firewall (dynamic protocols, security concerns blah blah). I have a config that should work to allow neighboring between 2 routers on different ASA interfaces.
My question is: what is the general consensus on firewalls and OSPF? What exactly are the concerns with running OSPF on the firewall, and are there any benefits to running this config where we peer through the firewall?
Any time previously when I have suggested a dynamic protocol on firewalls, the security teams snap back with the "security concerns" get-out.
Thanks for any replies, Stephen.