Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
journeyman
Contributor

Created on ‎10-06-2014 09:59 PM

OSPF backup path - forms a loop?

In the diagram below, is there a way to configure ospf on the link between FGT2 and FGT3? The aim is to provide a backup path to FGT3 given the flaky nature of the primary link. BTW, flaky is relative - it' s OK but not perfect. When I used area 0.0.0.5, FGT3 lost its area 0 routes but FGT2 was OK. When I used area 0.0.0.6, FGT2 lost its area 0 routes and FGT3 was also impacted (presume it also lost area 0 routes, didn' t confirm). Is this possible with appropriate configuration, or is the concept doomed? Thanks in advance.
Rp42952.jpg
Preview file
24 KB
2591
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎10-08-2014 01:51 PM

Will you need to look at ospf design concepts. In you case area 2 & 5 can' t pass inter-area traffic all areas without attachment to area 0. So to do this, you need to build a ospf virtual link and then adjust the ospf paths to select the area 5 link for area 2 and 5 . With looking very deeply into this, I believe you can config a virtual-link thru area 5 from the FGT that' s in area2 and adjust the ospf path costs to make the routes thru this virtual-link more preferred via the ospf metrics. FWIW; Your topology map present some personal interests, and I might lab this in GNS3 using cisco routers and see what happens.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1138
0 Kudos
journeyman
Contributor
In response to emnoc

Created on ‎10-09-2014 08:18 PM

Thank you. I knew I had an area related issue but wasn' t sure exactly how. Do I understand correctly: Add the slow link to area 5. In the area 5 config of FGT3 set up a virtual link to FGT1 (via FGT2 because it' s in area 5). Adjust metrics to taste. In the short term I have changed all links to area 2. It' s not perfect but it' s functional. I' d rather the slow link wasn' t a routing option for a lot of traffic, although not having matching policies has the same end effect. (My favourite firewall policy is " no route to host" :) ) There is enough hardware here to set up a lab for the virtual link solution. It' s something I' d like to try.
1138
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.