@Reaper To be fair to me, we re-IP'd everything so we could have the palo and checkpoints up side by side for quick cutover, but my networking guy never gave me the right IP to point to.
Do your peers happen to have authentication enabled? Filter the system.log for ospf messages or increase debugging and tail the routed.log -debug routed on debug -tail follow yes mp-log routed.log
As usual this was my fault. I wasn't using the correct IP on my subinterface. Heavy sigh.
Do your peers happen to have authentication enabled? Filter the system.log for ospf messages or increase debugging and tail the routed.log -debug routed on debug -tail follow yes mp-log routed.log
I'll put that on my to-do list ;)
Check if anything is getting blocked in either direction
Are you allowing ospf in your security rules (from interface to peer, from peer to interface)?