Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MisterAG
New Contributor

Created on ‎10-11-2012 01:00 PM

CLI Command to add OSPF Passive Interface

Right now, in order to add a passive interface to OSPF I need to enumerate all of the existing passive interfaces, plus the new one. Am I missing an easier way, perhaps a passive-interface-default or passive-interface-default-except option? Example: I currently have this config: config router ospf set passive-interface VLAN10 VLAN20 VLAN30 end in order to add VLAN40, I need to know all of the existing passive interfaces, and tack on VLAN40 config router ospf set passive-interface VLAN10 VLAN20 VLAN30 VLAN40 end Is there a way to simply tack on VLAN40 to the existing config?
10153
0 Kudos
3 REPLIES 3
g3rman
New Contributor

Created on ‎12-02-2012 10:09 PM

I' m pretty sure you' re thinking of the equivalent Cisco or Juniper commands where you set OSPF to have all interfaces passive by default and then enable specific interfaces. I combed through the CLI reference and it appears that with the Fortinet implementation you have to manually make each interface passive and there is no easier, default passive way.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
2117
0 Kudos
FortiRack_Eric
New Contributor III

Created on ‎12-03-2012 01:46 AM

I can confirm there' s no easier way to do this. You have to make a procedure (mental note) to add a network to the passive interfaces every time you add new network that doesn' t participate in the OSPF network.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
2121
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎12-03-2012 02:00 AM

Hi, In FOS 5.0 there is a new CLI command " append" You can use like this: config router ospf append passive-interface VLAN40 end This will simply add VLAN40 to the interface.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
2117
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.