subramanis
Staff
Article Id 329017
Description This article describes how to redistribute a default route in an OSPF NSSA area.
Scope FortiGate.
Solution

Topology:

[Figure: topology diagram, Captureospf.PNG]


The goal is to advertise the default route from the NSSA ASBR towards the rest of the OSPF domain, and from the NSSA ABR into the NSSA area.

 

config router ospf
    config area
        edit 0.0.0.1
            set nssa-default-information-originate ?
enable Redistribute Type-7 default route from routing table.
always Advertise a self-originated Type-7 default route.
disable Do not advertise Type-7 default route.

 

  • set nssa-default-information-originate enable: It will advertise the default route that already exists in its routing table.
  • set nssa-default-information-originate always: It will advertise the default route, even if the default route doesn’t exist in its routing table. However, the following conditions apply.

 

To advertise the default route, 'always' requires the router to be an ABR, whereas 'enable' only requires that the default route be in the routing table.

 

'set nssa-default-information-originate enable' use case:

 

FortiGate 3:

 

show router ospf 
config router ospf
    set router-id 34.0.0.1
        config area
            edit 0.0.0.1
                set type nssa <-
                set nssa-default-information-originate enable <-
            next
        end
        config ospf-interface
            edit "1"
                set interface "port1"
                set network-type point-to-point
            next
            edit "2"
                set interface "port2"
                set network-type point-to-point
            next
        end
        config network
            edit 2
                set prefix 23.0.0.0 255.255.255.0
                set area 0.0.0.1
            next
        end
end
 
FortiGate 2:
 
show router ospf 
config router ospf
    set router-id 23.0.0.1
        config area
            edit 0.0.0.0
            next
            edit 0.0.0.1
                set type nssa <-
            next
        end
        config ospf-interface
            edit "1"
                set interface "port1"
                set network-type point-to-point
            next
            edit "2"
                set interface "port2"
                set network-type point-to-point
            next
            edit "3"
                set interface "1.1.1.1"
                set network-type point-to-point
            next
        end
        config network
            edit 1
                set prefix 12.0.0.0 255.255.255.0
            next
            edit 2
                set prefix 23.0.0.0 255.255.255.0
                set area 0.0.0.1
            next
            edit 3
                set prefix 1.1.1.1 255.255.255.255
            next
        end
end
 
In the FortiGate 3 routing table, the default route already exists:
 
get router info routing-table static
Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 10.109.63.254, mgmt, [1/0]
 
FortiGate 2 receives the default route from FortiGate 3.
 
get router info routing-table ospf 
Routing table for VRF=0
O*N2    0.0.0.0/0 [110/10] via 23.0.0.2, port2, 01:13:59, [1/0]
 
'set nssa-default-information-originate always' use case:
 
In the FortiGate 3 routing table, the default route doesn't exist.

 

get router info routing-table static
No route available

 

config router ospf
    config area
        edit 0.0.0.1
            set nssa-default-information-originate always <-
    end
end

 

FortiGate 2 does not receive the default route from FortiGate 3 because, according to the condition above, 'always' must be configured on the ABR (NSSA ABR), not on the ASBR (NSSA ASBR).

 

get router info routing-table ospf
No route available

 

FortiGate 2 (NSSA ABR):

config router ospf
    config area
        edit 0.0.0.1
            set nssa-default-information-originate always
    end
end

 

FortiGate 3 receives the default route from FortiGate 2.

 

get router info routing-table ospf
Routing table for VRF=0
O*N2 0.0.0.0/0 [110/10] via 23.0.0.1, port1, 00:26:37

 

Note: FortiGate 2 does not advertise the default route to FortiGate 1, which is the expected behavior in accordance with the OSPF design.

 

To advertise the default route to Area 0, follow the instructions in Technical Tip: How to redistribute a default route in OSPF.
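
The rule above ('always' needs an ABR, 'enable' needs a default route in the routing table) can be checked offline against a saved configuration. The following is an added example, not part of the original article or of Fortinet tooling: the function names are hypothetical, the sample configs are constructed from the ones shown above, and ABR status is approximated as "more than one area configured".

```python
# Constructed configs modelled on FortiGate 3 (NSSA ASBR) and FortiGate 2 (NSSA ABR).
FGT3 = """config router ospf
    config area
        edit 0.0.0.1
            set type nssa
            set nssa-default-information-originate always
        next
    end
end"""
FGT2 = FGT3.replace("edit 0.0.0.1", "edit 0.0.0.0\n        next\n        edit 0.0.0.1")


def parse_areas(cfg):
    """Return {area_id: {setting: value}} from the 'config area' table."""
    areas, cur, depth = {}, None, 0   # depth 0 = outside, 1 = area table, >1 = nested table
    for tok in (line.split() for line in cfg.splitlines()):
        if not tok:
            continue
        if tok[0] == "config":
            depth = depth + 1 if depth else int(tok[1:] == ["area"])
        elif tok[0] == "end" and depth:
            depth -= 1
            if depth == 0:
                cur = None
        elif depth == 1 and tok[0] == "edit":
            cur = areas.setdefault(tok[1].strip('"'), {})
        elif depth == 1 and tok[0] == "next":
            cur = None
        elif depth == 1 and tok[0] == "set" and cur is not None and len(tok) > 2:
            cur[tok[1]] = tok[2]
    return areas


def default_route_advertised(cfg, has_default_route):
    """Predict, per NSSA area, whether a Type-7 default is advertised (article's rule)."""
    areas = parse_areas(cfg)
    is_abr = len(areas) > 1           # assumption: several configured areas means ABR
    result = {}
    for area, settings in areas.items():
        if settings.get("type") != "nssa":
            continue
        # assumption: an unset option behaves as 'disable'
        mode = settings.get("nssa-default-information-originate", "disable")
        result[area] = (mode == "always" and is_abr) or (
            mode == "enable" and has_default_route)
    return result
```

Running it over every OSPF router's backup gives a list of devices that originate a default route into an NSSA, which is worth reviewing because that route decides where the area's outbound traffic goes.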