I hope you can help me as I am just too dumb right now. My setup looks like the following:
2 sites, both with a Fortigate for WAN connectivity, and between the sites are 2 L3 devices connecting the sites with each other. Site1 has Area 0 and other areas directly connected to the L3 switch, and area 0 is also used for the OSPF connection to the Fortigate. The L3 switch injects a default route to the other site - connected by an OSPF stub area.
The second site has an L3 switch as well, connected with the same stub area to the firewall there.
The plan is to use the default route from the Site 2 Fortigate for all site a connected devices (so the Fortigate at Site 2 needs to inject its default route into the stub and overrule the default route from Site 1). In case of failure, or if the health link jitter is too high, the default route should be discarded and Site 2 should then take the default route injected from Site 1.
For testing purposes I even disconnected Site 1 from Site 2, but still on my L3 switch I cannot get the default route injected from my stub area Fortigate, even though it says "Inject default routes always". I also tried changing the default metric to be lower than the Site 1 metric ...
Is it even possible to have a stub getting a default route injected from somewhere other than area 0?
Well, that's completely right. I have now changed my areas into NSSAs and I can get onto the internet via the backup route (when my Fortigate disconnects its WAN port). But now I need the default route from my local Fortigate (NSSA 10.207.0.0) to overrule the other site, which injects its default route as well.
Honestly we don't use OSPF much because it's difficult to manipulate routes per prefix due to the fact that the design of OSPF is to share the topology of the entire network among all routers in the domain. We mainly use BGP instead. So I don't have the answer even if it's possible, which I doubt.