Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Liza1
New Contributor III

Created on ‎07-12-2024 07:55 AM Edited on ‎08-08-2024 11:59 PM By Moderator

OSPF Areas Problems

I have the following issue and need your help, please. I have a FortiGate device and a router with an internal network of 192.168.0.0/24. I've set up multiple branches in OSPF area 0, excluding the internal network 192.168.0.0/24 because the second branch needs to act as the main distributor.

Additionally, I have two tunnels with another company, set in OSPF area 10. To ensure they see a specific IP address (e.g., 192.168.0.136) from our network, I used "redistribute static". However, enabling this causes the second branch to not see the 192.168.0.0/24 network. When I disable it, the issue reverses, and the other company cannot see the second branch.

Is it possible to resolve this by creating access lists for both OSPF areas? Here's   the configuration snippet for "redistribute static":

1.png2.png3.png

 
 
 

 

 

FortiGate

 

 

467
0 Kudos
1 Solution
Liza1
New Contributor III
In response to Toshi_Esumi

Created on ‎07-15-2024 11:02 PM

In this access-list, I also added 192.168.0.136/32. After that, their connection started working because it was configured to only receive route 192.168.0.136/32. That's how this conflict was resolved. Thank you for your help.

View solution in original post

366
0 Kudos
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Created on ‎07-12-2024 08:26 AM

Other part of OSPF network doesn't need to have routes for individual host. As long as 192.168.0.0/24 is in the routing table, that router can reach 192.168.0.136 and all other host in the /24 subnet.
Besides, "Redistribut static" in OSPF configuration redistributes all static routes into OSPF domain. You don't have any static routes to those host IPs so it wouldn't do whatever you're thinking it would. Instead, it's causing routing conflict/confusion.

Toshi

457
Liza1
New Contributor III
In response to Toshi_Esumi

Created on ‎07-15-2024 11:02 PM

In this access-list, I also added 192.168.0.136/32. After that, their connection started working because it was configured to only receive route 192.168.0.136/32. That's how this conflict was resolved. Thank you for your help.

367
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.