Dear all,
We are currently trying to split our compagny, and as well the network/security infrastructure. To do so, we set up VDOM on a Fortigate - FortiOS 5.6.4 (current VDOM root = the old "global" before VDOM enable, and VDOM NEW-CORE = the VDOM added to design a new infrastructure).
Initially, the VDOM root has an OSPF area 0 and is peer with another Fortinet (working fine today) with the same area 0.
When we tried to add the router ospf area 0 in the VDOM NEW-CORE, there was an incident : lost of the production flows on the VDOM root, as if routing was NOK after the change on the VDOM NEW-CORE. A rollback solved the issue.
In summary, my question is : can we have OSPF area 0 running on multiple VDOM ?
PS: Due to another CPU issue, we recently updated on FortiOS 6.2.4
Thank you in advance for your answers.
Best Regards,
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Sure you can. Think of the 2 VDOMs as 2 separate and independent Fortigate devices. Most probably what caused this outage was not the mere fact of enabling OSPF on the new VDOM and adding it to area 0, but consequent change of routing topology once you added new VDOM. So, think how adding new OSPF neighbor with routes and the costs it advertises will influence your whole network routing. If you can afford downtime, you could record routing tables of all involved Fortigates/VDOMs, then enable new VDOM again and compare the changes in the routing it caused.
Sure you can. Think of the 2 VDOMs as 2 separate and independent Fortigate devices. Most probably what caused this outage was not the mere fact of enabling OSPF on the new VDOM and adding it to area 0, but consequent change of routing topology once you added new VDOM. So, think how adding new OSPF neighbor with routes and the costs it advertises will influence your whole network routing. If you can afford downtime, you could record routing tables of all involved Fortigates/VDOMs, then enable new VDOM again and compare the changes in the routing it caused.
Hello Yurisk,
Thank you for your answer. We will try to schedule a change in the next days / weeks in order to test it again. I'll keep this post updated as soon we have the results.
Regards,
Guillaume.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.