FortiGate
rphulekar
Staff
Article Id 191251

Description

On FortiGate, setting status disable under config ospf-interface only prevents the parameters defined in that entry from being applied to the OSPF interface. It does not disable the OSPF interface and does not bring down the OSPF adjacency.


Solution

The behavior described is by design as explained by the following example:
config router ospf
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 30.1.0.0 255.255.0.0
        next
    end
    config ospf-interface
        edit "ravip_vlan"
            set dead-interval 80
            set hello-interval 20
            set interface "ravip_vlan"
            set ip 30.1.1.1
            set priority 254
            set status disable <========= This will not bring down the adjacency, as shown below
        next
    end
    set router-id 1.1.1.1
end

# get router info ospf neighbor
OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   Full/Backup     00:00:32    30.1.1.1        ravip_vlan   <========= OSPF adjacency is still up
200.200.0.1     250   Full/DR         00:00:30    30.1.1.2        ravip_vlan

If the OSPF adjacency needs to be brought down and back up for testing purposes, do this directly on the physical, VLAN or IPsec interface on which OSPF is configured, by bringing the interface itself down as shown below:
config system interface
    edit "ravip_vlan"
        set vdom "root"
        set ip 30.1.1.1 255.255.255.0
        set allowaccess ping https ssh
        set status down  <========== To bring down the OSPF adjacency
        set snmp-index 5
        set interface "wan2"
        set vlanid 333
    next
end
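
An added audit example (not part of the original article and not Fortinet tooling): a Python check that parses a FortiOS configuration and lists interfaces whose ospf-interface entry is set to status disable while OSPF can still form adjacencies on them. It assumes OSPF runs on an interface when its IP falls inside a config network prefix and the system interface is not down; parse_fortios, ospf_still_active and SAMPLE are names made up for this example.

```python
import ipaddress
import shlex
# Constructed sample modelled on the article's configuration, with the interface left up.
SAMPLE = """config system interface
    edit "ravip_vlan"
        set ip 30.1.1.1 255.255.255.0
        set status up
    next
end
config router ospf
    config network
        edit 1
            set prefix 30.1.0.0 255.255.0.0
        next
    end
    config ospf-interface
        edit "ravip_vlan"
            set interface "ravip_vlan"
            set status disable
        next
    end
end"""

def parse_fortios(text):
    """Parse FortiOS config/edit/set/next/end text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        tok = shlex.split(raw.split("<==")[0]) or [""]  # drop "<====" notes; blank -> no-op
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]).strip(), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def ospf_still_active(cfg):
    """Interfaces with ospf-interface 'status disable' that a network prefix still covers."""
    ospf, ports = cfg.get("router ospf", {}), cfg.get("system interface", {})
    nets = [ipaddress.ip_network("/".join(n["prefix"]), strict=False)
            for n in ospf.get("network", {}).values() if "prefix" in n]
    hits = []
    for name, e in ospf.get("ospf-interface", {}).items():
        ifname = e.get("interface", [name])[0]
        port = ports.get(ifname, {})
        live = e.get("status") == ["disable"] and port.get("status") != ["down"] and "ip" in port
        if live and any(ipaddress.ip_address(port["ip"][0]) in n for n in nets):
            hits.append(ifname)
    return hits
```

Calling ospf_still_active(parse_fortios(SAMPLE)) reports ravip_vlan; the result is empty once the system interface is set to status down.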