I have a FortiGate connected with others using OSPF. This one has some static routes that need to be redistributed over OSPF, so I configured it to redistribute all. But now I need to add some static routes that will not be redistributed.
I found this Technical tip https://community.fortinet.com/t5/FortiGate/Technical-Tip-OSPF-static-routes-redistribution-example/...
It is not exactly what I need, but I tried to adjust it like this....
config router access-list
    edit "NOT-Redistribute"
        config rule
            edit 1
                set prefix 10.241.224.0/19
                set exact-match enable
                set action deny
            next
            edit 2
                set prefix 192.168.192.0/20
                set exact-match enable
                set action deny
            next
            edit 3
                set prefix 10.241.48.0/20
                set exact-match enable
                set action deny
            next
        end
    next
    edit "Redistribute-ALL"
        config rule
            edit 1
                set prefix 0.0.0.0/0
                set exact-match enable
                set action permit
            next
        end
    next
end
config router route-map
    edit "static-to-ospf"
        config rule
            edit 1
                set match-ip-address "NOT-Redistribute"
            next
            edit 2
                set match-ip-address "Redistribute-ALL"
            next
        end
    next
end
Step 3: Use the route-map.
config router ospf
    config redistribute "static"
        set status enable
        set routemap "static-to-ospf"
    end
end
I think that with this it will redistribute all static routes except the 3 listed in NOT-Redistribute.
Am I right?
Hi @DamianE
Say that you have 10 static routes and you want to filter the 3 mentioned in your post; you do not need to have 2 access lists. It can be done with one access-list as below:
config router access-list
    edit "NOT-Redistribute"
        config rule
            edit 1
                set prefix 10.241.224.0/19
                set exact-match enable
                set action deny
            next
            edit 2
                set prefix 192.168.192.0/20
                set exact-match enable
                set action deny
            next
            edit 3
                set prefix 10.241.48.0/20
                set exact-match enable
                set action deny
            next
            edit 4
                set prefix any
            next
        end
    next
end
Then, you apply the access-list to the route-map and apply the route-map to the OSPF settings:
config router route-map
    edit "static-to-ospf"
        config rule
            edit 1
                set match-ip-address "NOT-Redistribute"
            next
        end
    next
end
Step 3: Use the route-map.
config router ospf
    config redistribute "static"
        set status enable
        set routemap "static-to-ospf"
    end
end
If you still want to separate "allow-all", probably this is the one you wanted to follow.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Create-an-Access-list-on-a-Route-Map-that-...
It could be more flexible when you can have multiple "deny" access-lists by grouping them.
I would use "config router prefix-list" though instead of "config router access-list". A little more intuitive if your background is L3 routers, like Cisco, Juniper, etc.
Toshi
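A small model of first-match evaluation, added here as an example (not code from the thread or from Fortinet), to check which static routes each access-list layout would hand to OSPF. The evaluation rules stated in the comments and the two extra static routes are assumptions made for the example.

```python
import ipaddress

# Model written for this example (assumed first-match semantics, not FortiOS code):
# - an access-list returns the action of the first rule whose prefix matches;
#   a route that matches no rule is denied
# - "exact-match enable" matches only the identical prefix; otherwise the rule
#   also covers more-specific routes inside the prefix
# - a route-map rule with the default permit action matches when its access-list
#   permits; a route that no route-map rule matches is not redistributed

def acl_permits(acl, route):
    route = ipaddress.ip_network(route)
    for prefix, exact, action in acl:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "any" else prefix)
        if (route == net) if exact else route.subnet_of(net):
            return action == "permit"
    return False  # implicit deny at the end of the list

def redistributed(route_map, routes):
    """Routes that at least one route-map rule (one access-list each) permits."""
    return [r for r in routes if any(acl_permits(acl, r) for acl in route_map)]

DENY3 = [("10.241.224.0/19", True, "deny"),
         ("192.168.192.0/20", True, "deny"),
         ("10.241.48.0/20", True, "deny")]

# Question's layout: rule 1 -> NOT-Redistribute, rule 2 -> Redistribute-ALL
QUESTION = [DENY3, [("0.0.0.0/0", True, "permit")]]
# Same two-list layout, but with a catch-all that is not exact-match
TWO_LISTS_ANY = [DENY3, [("any", False, "permit")]]
# Answer's layout: one list, three denies, then "any"
ANSWER = [DENY3 + [("any", False, "permit")]]

# Constructed static routes: the three to withhold plus two to advertise
STATIC = ["10.241.224.0/19", "192.168.192.0/20", "10.241.48.0/20",
          "10.10.0.0/16", "172.16.5.0/24"]

if __name__ == "__main__":
    for name, rm in [("question", QUESTION), ("two lists + any", TWO_LISTS_ANY),
                     ("answer", ANSWER)]:
        print(f"{name:16} -> {redistributed(rm, STATIC)}")
```

Under this model only the single-list layout withholds exactly the three prefixes. Because the deny rules use exact-match, a more-specific static route such as 10.241.224.0/20 would still be redistributed.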
I tried it just like you proposed; it's more elegant.
Thanks!!
Created on 11-08-2023 05:28 PM Edited on 11-08-2023 05:36 PM
Although the KB I referred to was based on BGP, the access-list and route-map part should be the same with OSPF. Especially when they're applied to static route re-distribution.
Toshi