- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Priority and OSPF IPSEC Tunnels
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 11-18-2009 07:41 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Priority and OSPF IPSEC Tunnels
Will the priority set in the static routes flow down and be used by the ipsec tunnels on those interfaces?
In other words, would I be able to unset the cost from the ospf-interface secion for each interface so they are all set to 10 and rely on the priority set in the static route to determine how to route traffic?
config router static
edit 1
set device " wan1"
set gateway 66.43.75.17
set priority 20
next
edit 2
set device " wan2"
set gateway 69.193.166.49
next
config ospf-interface
edit " Ny-Rgts-Paetec"
set cost 20
set interface " Ny Rgts-Paetec"
set network-type point-to-point
next
edit " Ny-Twc-Comcast"
set cost 10
set interface " Ny Twc-Comcast"
set network-type point-to-point
next
end
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don' t believe the two are related. Port priority is independent of OSPF port cost. OSPF is based on number of hops.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 11-19-2009 12:44 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello daronberg,
Each routing protocol has got an admin distance (preference), that can be changed, which is not related to cost of an OSPF interface.
That last one is used only for OSPF route selection (in case for example if 2 similar routes are received via 2 links).
You will find more details about admin distance here :
Technical Note : FortiGate IP route selection, and how to change the administrative distance (preference) of a routing protocol
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30086
Concerning priority on static routes, this applies to static routes only and the FortiGate uses that to decide which route will be used to effectively route traffic.
Mode information about that here :
Technical Note : Setting priority on static default routes to create a primary (preferred) and a secondary path
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30907
-J.
Not applicable
Created on 11-19-2009 06:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank You.
I believe I am clear on the static route side.
In a nutshell setting the priority on the static route only affects the static routes and has no bearing on any of the OSPF tunnels.
On the OSPF side how would I adjust the weighting of the interface between two ospf tunnels. I would like to prioritize the routes so they use VPN Tunnel B instead of VPN Tunnel A. Can I do this without using Policy Routes?
Diagram:
Router A
WAN 1 (ISP 1)
Internet
OSPF via VPN Tunnel A
WAN 2 (ISP 2)
Internet
OSPF via VPN Tunnel B
Router B
WAN 1 (ISP 3)
Internet
OSPF via VPN Tunnel A
WAN 2 (ISP 4)
Internet
OSPF via VPN Tunnel B
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the CLI:
config router ospf
config ospf-interface
edit " <OSPF_interface>"
set cost xx (lower cost = higher priority)
next
end
end
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 11-19-2009 07:29 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats what I thought. See my config above. Unfortunately, it did not have the desired results. Traffic was still not consistently being directed over the proper tunnel. I read somewhere that depending what order the default routes where entered for wan1 and wan2 would govern priority for other routes that use the wan1 and wan2 physical interface. Not sure if that could be it.
Related Posts
- VPN tunnel connected but i can't... 71 Views
- Connection across Hub and Spoke BGP 41 Views
- how to create point to multiple... 128 Views
- Aggregate dial-up IPsec tunnel 292 Views
- WAN Design using iBGP SD-WAN (optional... 128 Views
Labels
-
FortiGate
6,938 -
FortiClient
1,366 -
5.2
801 -
5.4
639 -
FortiManager
600 -
FortiAnalyzer
438 -
6.0
416 -
5.6
362 -
FortiAP
362 -
FortiSwitch
358 -
FortiClient EMS
281 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
98 -
FortiGateCloud
92 -
FortiSIEM
91 -
SSL-VPN
87 -
FortiCloud Products
85 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
42 -
Fortivoice
41 -
FortiDNS
37 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
High Availability
28 -
FortiAuthenticator
27 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
FortiConverter
21 -
FortiGate v5.2
19 -
DNS
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
SAML
17 -
LDAP
17 -
Certificate
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
SSID
8 -
FortiBridge
8 -
WAN optimization
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 991 | |
| 827 | |
| 462 | |
| 440 | |
| 132 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.