Purpose
This article describes the basic steps to configure FortiGates in a simple OSPF scenario.
It includes the network diagram, requirements, configuration, and routing tables of all FortiGates.

Scope
- All FortiGate models
- FortiGate or VDOM in NAT mode only
- FortiOS v4.0

Diagram
The following network diagram will be used as an example to illustrate how to set up OSPF.

Expectations, Requirements
Basic requirements:
- FGT1 will automatically become an ASBR because it advertises its static default routes
- All locally connected interfaces must have OSPF enabled, and the corresponding subnets must be advertised as OSPF internal routes (not external)

Tech Tip: Using loopback interfaces in this OSPF scenario is a simple rule that eases OSPF troubleshooting and administration: the OSPF router ID is set to the same value as the loopback interface address.

Note: To enable OSPF on an interface, you only need to add it to the network/prefix list. To enable all interfaces with a single setting, you can use the prefix "0.0.0.0 0.0.0.0". FGT1 uses this setting as an example.

Configuration
Note: Only the relevant parts of the configuration are given.

FGT1

config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.182.151 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "lback1"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.255
        set type loopback
end
config router static
    edit 0
        set device "internal"
        set gateway 192.168.183.254
end
config router ospf
    config area
        edit 0.0.0.0
        next
    end
    set default-information-originate enable
    config network
        edit 1
            set prefix 0.0.0.0 0.0.0.0
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    set router-id 10.0.0.1
end

FGT2

config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.182.152 255.255.254.0
        set allowaccess ping https
        set type physical
    next
    edit "lback2"
        set vdom "root"
        set ip 10.0.0.2 255.255.255.255
        set type loopback
    next
end
config router ospf
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set area 0.0.0.0
            set prefix 192.168.182.0 255.255.254.0
        next
        edit 2
            set area 0.0.0.0
            set prefix 10.0.0.2 255.255.255.255
        next
    end
    set router-id 10.0.0.2
end
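
The following Python sketch is an added example, not part of the original article or of FortiOS. It audits which interfaces the network/prefix lists in the two FortiGate configurations above place into OSPF, and shows how the catch-all prefix differs from explicit prefixes. It assumes an interface is OSPF-enabled when its address falls inside a listed prefix; the function names and the extra "wan1" interface are constructed for illustration.

```python
import ipaddress

def parse(pair):
    """Turn FortiOS 'address mask' notation into an ipaddress interface object."""
    addr, mask = pair.split()
    plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_interface(f"{addr}/{plen}")

def ospf_interfaces(interfaces, prefixes):
    """Map each interface to the 'config network' prefixes that contain its address."""
    enabled = {}
    for name, ip in interfaces.items():
        hits = [str(parse(p).network) for p in prefixes
                if parse(ip).ip in parse(p).network]
        if hits:
            enabled[name] = hits
    return enabled

def unexpected(interfaces, prefixes, intended):
    """Interfaces that would run OSPF although they are not on the intended list."""
    return sorted(set(ospf_interfaces(interfaces, prefixes)) - set(intended))

# Addresses and prefixes copied from the two configurations in the article.
FGT1_IF = {"internal": "192.168.182.151 255.255.254.0",
           "lback1": "10.0.0.1 255.255.255.255"}
FGT1_NET = ["0.0.0.0 0.0.0.0"]
FGT2_IF = {"internal": "192.168.182.152 255.255.254.0",
           "lback2": "10.0.0.2 255.255.255.255"}
FGT2_NET = ["192.168.182.0 255.255.254.0", "10.0.0.2 255.255.255.255"]

# Constructed for illustration, not from the article: FGT1 with one more interface.
FGT1_PLUS_WAN = dict(FGT1_IF, wan1="203.0.113.10 255.255.255.0")

if __name__ == "__main__":
    print("FGT1:", ospf_interfaces(FGT1_IF, FGT1_NET))
    print("FGT2:", ospf_interfaces(FGT2_IF, FGT2_NET))
    # The catch-all prefix also matches the added interface; explicit prefixes do not.
    print("catch-all:", unexpected(FGT1_PLUS_WAN, FGT1_NET, ["internal", "lback1"]))
    explicit = ["192.168.182.0 255.255.254.0", "10.0.0.1 255.255.255.255"]
    print("explicit: ", unexpected(FGT1_PLUS_WAN, explicit, ["internal", "lback1"]))
```

With the catch-all prefix, any interface addressed later is matched as well, so the FGT2 style of listing each prefix keeps the set of OSPF-speaking interfaces explicit.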

Verification
Verification on FGT1. Examples of commands that can be used:

FGT1 # get router info ospf neighbor
OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address          Interface
10.0.0.2          1   Full/DROther    00:00:37    192.168.182.152  internal

FGT1 # get router info ospf interface
internal is up, line protocol is up
  Internet Address 192.168.182.151/23, Area 0.0.0.0, MTU 1500
  Process ID 0, Router ID 10.0.0.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State Backup, Priority 1
  Designated Router (ID) 0.0.0.205, Interface Address 192.168.182.205
  Backup Designated Router (ID) 10.0.0.1, Interface Address 192.168.182.151
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
  Neighbor Count is 2, Adjacent neighbor count is 2
  Crypt Sequence Number is 6411628
  Hello received 106 sent 90, DD received 12 sent 14
  LS-Req received 0 sent 1, LS-Upd received 20 sent 19
  LS-Ack received 13 sent 15, Discarded 177

FGT1 # get router info ospf status
Routing Process "ospf 0" with ID 10.0.0.1
Process uptime is 15 minutes
[.......]

FGT1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S*      0.0.0.0/0 [10/0] via 192.168.183.254, internal
C       10.0.0.1/32 is directly connected, lback1
O       10.0.0.2/32 [110/110] via 192.168.182.152, internal, 00:00:22
C       192.168.182.0/23 is directly connected, internal

Verification on FGT2. Examples of commands that can be used:

FGT2 # get router info ospf neighbor
OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address          Interface
10.0.0.1          1   Full/Backup     00:00:31    192.168.182.151  internal

FGT2 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
O*E2    0.0.0.0/0 [110/10] via 192.168.183.254, internal, 00:03:04
O       10.0.0.1/32 [110/110] via 192.168.182.151, internal, 00:09:36
C       10.0.0.2/32 is directly connected, lback2
C       192.168.182.0/23 is directly connected, internal

Troubleshooting