Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vtsonev
Staff
Staff

Created on ‎05-02-2009 07:59 AM Edited on ‎02-28-2025 05:12 AM By Moderator

Article Id 191699

Technical Tip: How to redistribute a default route in OSPF

Description This article provides explanations on how to redistribute default route in OSPF with different metric, so the peer will get the route with lower than the default metric of 10.
Scope FortiGate.
Solution

The following syntax is used to advertise a default route in OSPF on a FortiGate.

 

config router ospf(ospf) 

set default-information-originate <option>

 

Available options are as follows:

  • 'enable': Enable setting.                 <- This will send a default route if FortiGate has one in the routing table.
  • 'always': Always advertise the default router.     <- This will always send a default route.
  • 'disable': Disable setting.

 

To prevent advertising a default route to some OSPF neighbors behind specific OSPF interfaces:

  1. Do not enable OSPF on those interfaces if this is possible (a static default route towards the ISPs routers might be enough in most cases).
  2. Set those interfaces as passive interfaces if the subnet has to be advertised as OSPF routes but is not forming adjacency.

 

In the GUI, note the same options:

 

kb_3395_1.png
By default, the redistributed default route is with the metric of 10. In order to change the metric for the default route, use the following options (CLI):

 

config router ospf    

set default-information-originate enable   

set default-information-metric 1  <- It is possible to use metric if needed.

set default-information-metric-type type 1 | type2

 

  • Type 1 (E1): Metric increases as it moves through the OSPF domain (cumulative cost).
  • Type 2 (E2 - Default): Metric remains constant, regardless of path cost.

 

The result is the following external LSA generated from the advertising FortiGate:


AS External Link States. 

LS age: 551 

Options: 0x2 (*|-|-|-|-|-|E|-) 

LS Type: AS-external-LSA 

Link State ID: 0.0.0.0 (External Network Number) 

Advertising Router: 172.16.20.2 

LS Seq Number: 80000001 

Checksum: 0xb475 

Length: 36 

Network Mask: /0       

Metric Type: 2                  <- Larger than any link state path.   

TOS: 0       

Metric: 1       

Forward Address: 10.200.1.1       

External Route Tag: 0

 

In the routing table of the peer, it is possible to confirm that the route is with a metric of 1:

 

get router info routing-table data

Codes:

K - kernel, C - connected, S - static, R - RIP, B - BGP      

O - OSPF, IA - OSPF inter area      

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2      

E1 - OSPF external type 1, E2 - OSPF external type 2      

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area      

> - selected route, * - FIB route, p - stale info


Routing table for VRF=0O

E2    0.0.0.0/0 [110/1] via 10.200.1.1, port1, 00:22:17

S    *> 0.0.0.0/0 [10/0] via 172.16.31.254, port10

 

Run the following command to check if the default route is advertised:

 

show router ospf database external


Related articles:
37382
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.