martyyy
Explorer III
February 3, 2026
Question

Local-in Policy OSPF Issue


Hi,
We have encountered an issue with FortiGate devices running version 7.4.7, which we recently upgraded to from 7.2.7. When establishing an OSPF session, the OSPF adjacency fails to come up if the required local-in policy is not present. However, even after creating the local-in policy, the adjacency does not establish until we run the command diagnose firewall iprope flush. 

 

The OSPF process and interface configuration appear correct.
OSPF Hello packets are being sent, but no neighbors are learned.

From the debug flow logs, I can see multiple OSPF Hello packets being dropped with the message:
iprope_in_check() check failed on policy 6, drop

I checked the known issues for 7.4.7 and can't find any related to this issue.

https://docs.fortinet.com/document/fortigate/7.4.7/fortios-release-notes/236526%E0%A4%95%E0%A5%8B

 

For your advice. TIA :)

1 reply

BillH_FTNT
Staff
February 3, 2026

Hi @martyyy 

What is the topology? OSPF over IPsec or SD-WAN? Could you please share more details? I would like to reproduce the issue in my lab. Thank you

Bill

martyyy (Author)
Explorer III
February 9, 2026

Hi @BillH_FTNT 

OSPF is running as a broadcast network. At this point, I think there is no issue with the topology; rather, it's a clear issue with the local-in policy. I followed the upgrade path 7.2.7 -> 7.2.9 -> 7.4.7. The behavior was not observed in 7.2.9. Thank you

BillH_FTNT
Staff
February 9, 2026

Hi @martyyy 

Could you please share more details about your network?
It is quite difficult for me to build a lab environment without knowing the interfaces and policies.

  • Which interface is OSPF running on? (normal interface, VLAN, IPsec, etc.)
  • Do you have any custom local policies, or are you using the default ones?
  • If possible, please share the relevant parts of your OSPF, firewall policy, and local‑policy configurations to my email. Thank you.

My email is bhoang@fortinet.com.
Please send them to me when you can, and I will test the scenario in my lab as soon as I receive them.
Thank you.

Bill