First of all, I want to apologize for my bad English; it is my third language, and I am still a student, so please bear with me here.
I have an unusual issue regarding OSPF and the master FortiGate.
1- I have configured two core L3 switches with the following:
- core1: creating 4 inter-VLANs with the IP of 192.168.X.2, where X is the number of the VLAN
- core2: creating 4 inter-VLANs with the IP of 192.168.X.3, where X is the number of the VLAN
Configuring HSRP on both cores and increasing the priority of VLANs 10 and 30 on core1 and increasing the priority of 20 and 40 on core2. I did that so I can load balance the traffic coming from the VLANs to the core L3 switches.
- core1: I have configured an Ethernet interface facing the firewall with an IP of 10.10.1.2/24, and the interface facing the edge router is a switchport
- core2: same configs, except the IP is 10.10.1.3/24
I have configured OSPF on both core L3 switches and it formed neighborship with the FortiGate, and I advertised the VLANs 192.168.x.0/24.
On the FortiGate side:
First, I configured PORT1 as a LAN port facing the L3 switch with an IP of 10.10.1.1 (BLUE LINE IS THE INSIDE NETWORK), and PORT2 as a WAN port facing the edge router with an IP of 172.16.100.4 (GREEN LINE IS THE OUTSIDE NETWORK).
I have configured the two firewalls to use HA, setting the mode to ACTIVE/ACTIVE and making the priority high on the right side so it would be the master FortiGate.
Now all the configs I do on the master FortiGate are cloned to the slave.
When I configured OSPF on the MASTER, though, it formed a neighborship, but I cannot reach the 192.168.x.0/24 network; there is no entry for it in the routing table. But when I shut down the master FortiGate and then accessed the slave, all the configs were there and the 192.168.x.0/24 was in the routing table, learned from OSPF.
Also, I tried creating a loopback on the core switch, and when I advertised it the right FortiGate learned it from OSPF with no problems.
The second problem is that when I created a static route from the master FortiGate to the 192.168.x.0/24 network, I had to set the next hop interface to 10.10.1.2, and the slave cloned the static route, but it won't work on it because it has no connection to the 10.10.1.2 interface, only 10.10.1.3.
And if I shut down the right FortiGate, access the left one and create the static route to reach 192.168.x.0/24 through 10.10.1.3, it would send this config to the other one and override the first static route through 10.10.1.2.
PS: that red stretched circle represents a BVI.