So I feel quite silly that I can't get this working; I haven't done many filters, and they were never on a FortiGate, so I apologize for any ignorance in this post.
So we have a fair number of individual subnets hanging off the 10.24.0.0/16 space. I specifically want to filter out every /27 that's hung under 10.24.x.x. Currently I have this as my OSPF and prefix-list configuration:
    config router prefix-list
        edit "Block_External-MGMT"
            config rule
                edit 1
                    set action deny
                    set prefix 10.43.0.0 255.255.0.0
                next
            end
        next
    end
    config router ospf
        set router-id 10.10.30.1
        config area
            # area ID 0.0.0.6 assumed from "area 6" in the post; edit/next/end nesting restored
            edit 0.0.0.6
                set type stub
                config filter-list
                    edit 1
                        # using the default outbound direction since this is the origin of the redistributed routes
                        set list "Block_External-MGMT"
                    next
                end
            next
        end
        config redistribute "static"
            set status enable
            set routemap "static-to-ospf-filter"
            set metric-type 1
        end
    end
The redistribution is a working filter list allowing 2 specific static routes to be advertised to a separate area I did not list in this config.
To be specific, I am trying to keep the networks I've added to area 6 in area 6 and not have them impacted by the redistribution going on at this specific firewall. The other sites in this area get a bunch of subnets redistributed from another area that's working with completely different firewalls.
Thank you for your question. With OSPF, route filtering is not as easy as it looks. With OSPF, route filtering can be applied only on an ABR. So, for example, if the FortiGate has interfaces in 2 areas, you can filter routes to be distributed from area X to area Y. Based on your config, your device is only in one area, so filtering will not work. In that case the only option is to block/allow routes via redistribution.
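As an added illustration of the answer above (not part of the original thread), this is how the redistribution-side filter looks on a single-area FortiGate: a prefix-list matching exactly the /27s inside 10.24.0.0/16 (ge 27 / le 27), bound through a route-map to "config redistribute". The prefix-list name, the rule numbers and the assumption that the /27s reach OSPF through this firewall's static redistribution are mine; routes learned inside area 6 from other routers are untouched by it, which is the answer's point.

```text
# Added example, not from the original post. Only routes this FortiGate
# redistributes are filtered here; intra-area OSPF routes are not.
config router prefix-list
    edit "DENY-10-24-SLASH27"
        config rule
            edit 1
                # deny only /27s inside 10.24.0.0/16 (ge/le pin the length)
                set action deny
                set prefix 10.24.0.0 255.255.0.0
                set ge 27
                set le 27
            next
            edit 2
                # everything else (the two wanted statics) stays permitted
                set action permit
                set prefix any
            next
        end
    next
end
config router route-map
    edit "static-to-ospf-filter"
        config rule
            edit 1
                set action permit
                set match-ip-address "DENY-10-24-SLASH27"
            next
        end
    next
end
config router ospf
    config redistribute "static"
        set status enable
        set routemap "static-to-ospf-filter"
        set metric-type 1
    end
end
```

Check the effect from an area 6 neighbour with `get router info routing-table ospf`, which lists the OSPF routes actually installed there.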