Pretty sure everyone has already done a site-to-site VPN between Juniper (small box) and FortiGate.
Here's my problem: VPN interface mode is working fine; however, when we tried to set up IPsec VPN via OSPF, we can't see OSPF in the routing monitor. Hope anyone here could post a working config/screenshot of Juniper and FortiGate. Thanks.
1) Make sure you are using 0.0.0.0 source and 0.0.0.0 destination quick mode selectors in the VPN
2) Give an IP to the tunnel interface:
edit "(name of the tunnel interface to juniper)"
set ip 192.168.1.1 255.255.255.252
set allowaccess ping https ssh
set type tunnel
set remote-ip 192.168.1.2 (This ip should be assigned on Juniper tunnel interface)
3) It is better to ignore MTU for OSPF (if it is difficult to match the MTU on both sides)
set interface "name of tunnel interface"
set mtu-ignore enable
set network-type point-to-point
1) Quick mode selector is 0.0.0.0
2) st interface IP is set to 192.168.1.2/255.255.255.252
3) mtu-ignore enabled under OSPF
4) Make sure host inbound traffic on the zone allows either all or OSPF
If you still face the problem:
get router info ospf neighbor
diagnose ip router ospf all
diag debug enable
Run similar traceoptions on SRX
Though I am pretty sure that if you configure the above, OSPF should work.
Also, the reason we have to use 0.0.0.0 as the quick mode selector is that the OSPF packet will arrive on the FortiGate with the Juniper tunnel interface IP as its source IP, which will not be part of the quick mode selector, so it will get dropped by flow.
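The drop described in the answer above can be reproduced with a small model of the quick mode selector check. This is an added example, not part of the original post and not FortiOS code; the 10.1.0.0/24 and 10.2.0.0/24 LAN subnets are constructed sample values, and the tunnel IPs are the ones from the post.

```python
import ipaddress

# Simplified model (an assumption, not vendor code) of how the receiving
# gateway checks a decrypted packet against the phase 2 / quick mode
# selector of the tunnel it arrived on.

def selector_allows(selector, src, dst):
    """True if a packet received from the tunnel fits the selector.

    Seen from the FortiGate: the source must be inside the remote subnet
    and the destination inside the local subnet.
    """
    local_net = ipaddress.ip_network(selector["local"])
    remote_net = ipaddress.ip_network(selector["remote"])
    return (ipaddress.ip_address(src) in remote_net
            and ipaddress.ip_address(dst) in local_net)

# Constructed LAN-to-LAN selector versus the 0.0.0.0/0 selector from step 1.
NARROW = {"local": "10.1.0.0/24", "remote": "10.2.0.0/24"}
WILDCARD = {"local": "0.0.0.0/0", "remote": "0.0.0.0/0"}

# Packets as the FortiGate receives them from the Juniper side.
# 192.168.1.2 is the Juniper st interface IP, 224.0.0.5 is AllSPFRouters.
PACKETS = [
    ("LAN-to-LAN data", "10.2.0.10", "10.1.0.20"),
    ("OSPF hello to AllSPFRouters", "192.168.1.2", "224.0.0.5"),
    ("OSPF packet to tunnel IP", "192.168.1.2", "192.168.1.1"),
]

def evaluate(selector):
    """Map each sample packet name to whether the selector accepts it."""
    return {name: selector_allows(selector, src, dst)
            for name, src, dst in PACKETS}

if __name__ == "__main__":
    for label, selector in (("narrow", NARROW), ("0.0.0.0/0", WILDCARD)):
        print(f"selector {label}:")
        for name, accepted in evaluate(selector).items():
            print(f"  {name:30s} {'accepted' if accepted else 'dropped'}")
```

With the narrow selector only the LAN data packet is accepted, so the OSPF adjacency never forms even though user traffic passes.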