tpatel
Staff
Article Id 342602
Description This article describes how to check OSPF advertised and received routes on a FortiGate.
Scope FortiOS.
Solution

Topology:

 

[Image: topology diagram (Picture6.png)]

 

Advertised connected route over OSPF.

OSPF Configuration through CLI.

Fortigate1 OSPF configuration.

192.168.80.2 is a directly connected route on Fortigate1.
Both FortiGates are in the same area, 0.0.0.11.

 

Fortigate1 # config router ospf

Fortigate1 (ospf) # show
config router ospf
    set router-id 1.1.1.1 ------------> Router ID is set to 1.1.1.1.
    set restart-mode graceful-restart
        config area
            edit 0.0.0.11
            next
        end
        config ospf-interface
            edit "ospf1"
                set interface "port4"
            next
        end
        config network
            edit 1
                set prefix 10.112.1.0 255.255.255.0
                set area 0.0.0.11
            next
        end
        config redistribute "connected"
            set status enable
        end
        config redistribute "static"
        end
        config redistribute "rip"
        end
        config redistribute "bgp"
        end
        config redistribute "isis"
        end
end

 

Fortigate2 OSPF configuration.

 

Fortigate2 # config router ospf

Fortigate2 (ospf) # show
config router ospf
    set router-id 4.4.4.4 ---------------------> Router ID is set to 4.4.4.4.
    set restart-mode graceful-restart
        config area
            edit 0.0.0.11
            next
        end
        config ospf-interface
            edit "port1"
                set interface "port5"
            next
        end
        config network
            edit 1
                set prefix 10.112.1.0 255.255.255.0
                set area 0.0.0.11
            next
        end
        config redistribute "connected"
            set status enable
        end
        config redistribute "static"
            set status enable
        end
        config redistribute "rip"
        end
        config redistribute "bgp"
        end
        config redistribute "isis"
        end
end

 

Run OSPF debug on both FortiGates.

 

diagnose debug console timestamp enable
diagnose ip router ospf all enable
diagnose ip router ospf level info
diagnose debug enable

2024-09-17 20:11:45 OSPF: LSA[0.0.0.11:Type1:1.1.1.1:(self)]: Flooding to neighbor[4.4.4.4] --> Neighbour Router ID.
2024-09-17 20:11:45 OSPF: LSA[0.0.0.11:Type1:1.1.1.1:(self)]: Added to neighbor[4.4.4.4]'s retransmit-list
2024-09-17 20:11:45 OSPF: LSA[0.0.0.11:Type1:1.1.1.1:(self)]: Sending update to interface[port4:10.112.1.19]

2024-09-17 20:11:45 OSPF: NSM Message Header
2024-09-17 20:11:45 OSPF: VR ID: 1
2024-09-17 20:11:45 OSPF: VRF ID: 0
2024-09-17 20:11:45 OSPF: Message type: IPv4 Route (31)
2024-09-17 20:11:45 OSPF: Message length: 60
2024-09-17 20:11:45 OSPF: Message ID: 0x00000000
2024-09-17 20:11:45 OSPF: NSM IPv4 route add
2024-09-17 20:11:45 OSPF: Flags: 1
2024-09-17 20:11:45 OSPF: Route: 192.168.80.0/24
2024-09-17 20:11:45 OSPF: Type: 2
2024-09-17 20:11:45 OSPF: Metric: 0
2024-09-17 20:11:45 OSPF: Distance: 0
2024-09-17 20:11:45 OSPF: Nexthop: 0.0.0.0 ifindex 11 tag 0 flag 0x0
2024-09-17 20:11:45 OSPF: NSM[Redistribute:Connected]: 192.168.80.0/24 created --> Connected routes.

2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.16.0:(self)]: Sending update to interface[port4:10.112.1.19]
2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.16.0:(self)]: AS-external-LSA(0xd58c3910) originated
2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.80.0:(self)]: Install AS-external-LSA, 1, 0x7f1dd58c30f0
2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.80.0:(self)]: LSA refresh scheduled at LS age 1236
2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.80.0:(self)]: Flooding via interface[port4:10.112.1.19] ---> Advertised through OSPF Interface

2024-09-17 20:11:45 OSPF: AS-external-LSA
2024-09-17 20:11:45 OSPF: Network Mask 255.255.255.0
2024-09-17 20:11:45 OSPF: bit E TOS=0 metric 10
2024-09-17 20:11:45 OSPF: Forwarding address 0.0.0.0
2024-09-17 20:11:45 OSPF: External Route Tag 0
2024-09-17 20:11:45 OSPF: LSA Header
2024-09-17 20:11:45 OSPF: LS age 1
2024-09-17 20:11:45 OSPF: Options 0x2
2024-09-17 20:11:45 OSPF: LS type 5 (AS-external-LSA)
2024-09-17 20:11:45 OSPF: Link State ID 192.168.80.0
2024-09-17 20:11:45 OSPF: Advertising Router 1.1.1.1
2024-09-17 20:11:45 OSPF: LS sequence number 0x80000001
2024-09-17 20:11:45 OSPF: LS checksum 0x407
2024-09-17 20:11:45 OSPF: length 36

 

# get router info ospf database adv-router 1.1.1.1

OSPF Router with ID (1.1.1.1) (Process ID 0, VRF 0)

Router Link States (Area 0.0.0.11)

Link ID         ADV Router      Age  Seq#     CkSum Flag Link count
1.1.1.1         1.1.1.1         872  8000016c 9af2  0031 2

AS External Link States
10.9.0.0        1.1.1.1         972  80000057 4228  0031 E2 10.9.0.0/20 0
10.9.16.0       1.1.1.1         652  80000057 91c8  0031 E2 10.9.16.0/20 0
192.168.80.0    1.1.1.1         942  80000057 575d  0031 E2 192.168.80.0/24 0

 

OSPF debug on Fortigate2.

OSPF neighbor status.

 

Fortigate2 # get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID     Pri   State     Dead Time   Address       Interface
1.1.1.1           1   Full/DR   00:00:40    10.112.1.19   port5


Hello and LS Update packets received on Fortigate2 from Router ID 1.1.1.1.

OSPF: -----------------------------------------------------
OSPF: RECV[Hello]: From 1.1.1.1 via port5:10.112.1.21 (10.112.1.19 -> 224.0.0.5)
OSPF: -----------------------------------------------------
-----------------------------------------------------
OSPF: RECV[LS-Upd]: From 1.1.1.1 via port5:10.112.1.21 (10.112.1.19 -> 224.0.0.5) ---->Received Route From 10.112.1.19
OSPF: -----------------------------------------------------
OSPF: Header
OSPF: Version 2
OSPF: Type 4 (Link State Update)
OSPF: Packet Len 460
OSPF: Router ID 1.1.1.1
OSPF: Area ID 0.0.0.11
OSPF: Checksum 0x39cb
OSPF: AuType 0
OSPF: Link State Update

OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: Instance(0x5167e330) created with Link State Update
OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: flood started
OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: Flooding via interface[port5:10.112.1.21]
OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: Flooding to neighbor[1.1.1.1]
OSPF: Route[ASE]: 192.168.80.0/24 no route to ASBR(1.1.1.1)
OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: Install AS-external-LSA, 2, (nil)
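
The debug output above can be summarized mechanically. The following is an added example, not part of the original article or of FortiOS: it parses lines in the debug format shown here, lists the LSAs a unit floods as its own and the LSAs it installs from a neighbor, and reports the AuType carried in received packet headers. AuType 0, as seen in the LS Update header above, is null authentication in RFC 2328 (1 is simple password, 2 is cryptographic). The sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in the debug format shown in this article.
SAMPLE = """\
2024-09-17 20:11:45 OSPF: LSA[-:Type5:192.168.80.0:(self)]: Flooding via interface[port4:10.112.1.19]
OSPF: RECV[LS-Upd]: From 1.1.1.1 via port5:10.112.1.21 (10.112.1.19 -> 224.0.0.5)
OSPF: Router ID 1.1.1.1
OSPF: Area ID 0.0.0.11
OSPF: AuType 0
OSPF: LSA[-:Type5:192.168.80.0:1.1.1.1]: Install AS-external-LSA, 2, (nil)
"""

LSA = re.compile(r"OSPF: LSA\[[^:\]]+:Type(\d+):([\d.]+):([^\]]+)\]: (.*)")
RECV = re.compile(r"OSPF: RECV\[[\w-]+\]: From ([\d.]+) via ")
AUTYPE = re.compile(r"OSPF: AuType (\d+)")
AU_NAMES = {0: "null", 1: "simple password", 2: "cryptographic"}  # RFC 2328

def summarize(text):
    """Return advertised LSAs, received LSAs and per-neighbor AuType."""
    advertised, received, auth = set(), set(), {}
    sender = None  # router ID from the most recent RECV[...] header
    for line in text.splitlines():
        if m := RECV.search(line):
            sender = m.group(1)
        elif (m := AUTYPE.search(line)) and sender:
            auth[sender] = AU_NAMES.get(int(m.group(1)), "unknown")
        elif m := LSA.search(line):
            ls_type, ls_id, adv, event = m.groups()
            # "(self)" marks an LSA this unit originated and is advertising.
            if adv == "(self)" and event.startswith("Flooding via interface"):
                advertised.add((int(ls_type), ls_id))
            # Any other advertising router means the LSA was learned.
            elif adv != "(self)" and event.startswith("Install"):
                received.add((int(ls_type), ls_id, adv))
    return {"advertised": advertised, "received": received, "auth": auth}

def unauthenticated_neighbors(summary):
    """Neighbors whose packets carried AuType 0 (no OSPF authentication)."""
    return sorted(r for r, a in summary["auth"].items() if a == "null")

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(result)
    print("no OSPF auth:", unauthenticated_neighbors(result))
```

A neighbor reported by `unauthenticated_neighbors` is exchanging routes over an adjacency with no OSPF authentication, which is worth reviewing on any segment where other hosts can reach the OSPF interface.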

 

Fortigate2 routing table.


The OSPF route is installed in the routing table on the second FortiGate (Fortigate2).

 

Fortigate2 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
* - candidate default
Routing table for VRF=0
S* 0.0.0.0/0 [1/0] via 10.9.15.254, port1, [1/0]
C 10.9.0.0/20 is directly connected, port1
C 192.168.7.0/24 is directly connected, port4
O E2 192.168.80.0/24 [110/10] via 10.112.1.19, port5, 00:00:05, [1/0] -- OSPF route in the routing table on Fortigate2