Open Shortest Path First (OSPF)

Assumptions

  • The FortiGate units used in this example have interfaces named port1, port2, and port3.
  • All FortiGate units in this example have factory default configuration with FortiOS 4.0 MR2 firmware installed, and are in NAT/Route operation mode.
  • Settings that are not explicitly mentioned during configuration are left at their defaults.
  • Basic firewalls are in place to allow unfiltered traffic between all connected interfaces in both directions.
  • This OSPF network is not connected to any other OSPF areas outside of this example.
  • The Internet connection is always available.
  • Other devices may be on the network, but do not affect this configuration.

Configuring the FortiGate units

This section configures the basic settings that the FortiGate units need to act as OSPF routers: the hostname and the settings for each interface.

There are four FortiGate units in this example. The two units in the backbone area can be configured exactly the same except for IP addresses, so only the Router3 (the DR) configuration will be given, with notes indicating the Router2 (the BDR) IP addresses.

Configuring the FortiGate units includes:

  • Configuring Router1
  • Configuring Router2
  • Configuring Router3
  • Configuring Router4

Configuring Router1

Router1 is part of the Accounting network stub area (1.1.1.1).

To configure Router1 interfaces – web-based manager

1. Go to System > Dashboard > Status.

2. Next to hostname, select Change.

3. Enter a hostname of Router1, and select OK.

4. Go to System > Network > Interfaces, edit port1, set the following information, and select OK.

Alias                   internal
IP/Network Mask         10.11.101.1/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Accounting network
Administrative Status   Up

5. Edit port2, set the following information, and select OK.

Alias                   External1
IP/Network Mask         10.11.110.1/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Backbone network and Internet
Administrative Status   Up
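
An added example, not part of the original guide: a Python check that reads the CLI form of the Router1 interface settings above and reports interfaces that accept HTTPS or SSH management logins while their alias or description suggests an untrusted network, as port2 ("Backbone network and Internet") does here. The sample text is constructed from the table values using FortiOS "config system interface" syntax; the function names and the hint words are assumptions.

```python
import shlex

# Constructed sample: CLI form of the Router1 interface settings listed above.
ROUTER1_CONFIG = '''
config system interface
    edit "port1"
        set alias "internal"
        set ip 10.11.101.1 255.255.255.0
        set allowaccess https ssh ping
        set description "Accounting network"
    next
    edit "port2"
        set alias "External1"
        set ip 10.11.110.1 255.255.255.0
        set allowaccess https ssh ping
        set description "Backbone network and Internet"
    next
end
'''

MGMT_PROTOCOLS = {"http", "https", "ssh", "telnet", "snmp"}  # management services
UNTRUSTED_HINTS = ("internet", "wan", "external")  # assumed naming convention


def parse_interfaces(text):
    """Return {interface name: {setting: [values]}} from the config text."""
    interfaces, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # honours the quoted alias/description values
        if tokens[:1] == ["edit"] and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return interfaces


def exposed_management(interfaces):
    """Return {interface: management protocols} for untrusted-looking interfaces."""
    findings = {}
    for name, cfg in interfaces.items():
        label = " ".join(cfg.get("alias", []) + cfg.get("description", [])).lower()
        protocols = MGMT_PROTOCOLS & set(cfg.get("allowaccess", []))
        if protocols and any(hint in label for hint in UNTRUSTED_HINTS):
            findings[name] = sorted(protocols)
    return findings


if __name__ == "__main__":
    print(exposed_management(parse_interfaces(ROUTER1_CONFIG)))
```

PING is left out of the management set because it grants no login; an interface flagged here is a candidate for removing HTTPS and SSH from Administrative Access or restricting administration to trusted hosts.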

Configuring Router2

Router2 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

Router2 has three interfaces configured: one to the internal network, and two to Router3 for redundancy.

To configure Router2 interfaces – web-based manager

1. Go to System > Dashboard > Status.

2. Next to hostname, select Change.

3. Enter a hostname of Router2, and select OK.

4. Go to System > Network > Interfaces, edit port1 (internal), set the following information, and select OK.

Alias                   internal
IP/Network Mask         10.11.102.2/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Internal RnD network
Administrative Status   Up

5. Edit port2 (external1), set the following information, and select OK.

Alias                   external1
IP/Network Mask         10.11.110.2/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Router3 first connection
Administrative Status   Up

6. Edit port3 (external2), set the following information, and select OK.

Alias                   external2
IP/Network Mask         10.11.111.2/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Router3 second connection
Administrative Status   Up

Configuring Router3

Router3 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

To configure Router3 interfaces – web-based manager

1. Go to System > Dashboard > Status.

2. Next to hostname, select Change.

3. Enter a hostname of Router3, and select OK.

4. Go to System > Network > Interfaces, edit port1 (internal), set the following information, and select OK.

Alias                   internal
IP/Network Mask         10.11.103.3/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Internal RnD network
Administrative Status   Up

5. Edit port2 (external1), set the following information, and select OK.

Alias                   external1
IP/Network Mask         10.11.110.3/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Router2 first connection
Administrative Status   Up

6. Edit port3 (external2), set the following information, and select OK.

Alias                   external2
IP/Network Mask         10.11.111.3/255.255.255.0
Administrative Access   HTTPS SSH PING
Description             Router2 second connection
Administrative Status   Up



One thought on “Open Shortest Path First (OSPF)”

  1. Pratik

    I was configuring OSPF for Kotak Team on a FortiGate firewall for Ranchi location, and I have done the below things:

    • Specified loopback network,
    • LAN network,
    • WAN network with which the local firewall is connected to its peer.
    • I have also configured policy and static route

    After that I'm able to ping the neighbor IP from the firewall, but the neighbor is not established. Please guide me in this case to overcome this issue.
