Open Shortest Path First (OSPF)

Configuring OSPF on the FortiGate units

With the interfaces configured, the FortiGate units can now be configured for OSPF on those interfaces. All routers are part of the backbone area 0.0.0.0, so no inter-area communication is needed.

For a simple configuration there will be no authentication, no graceful restart or other advanced features, and timers will be left at their defaults. Also the costs for all interfaces will be left at 10, except for the modem and ISP interfaces where cost will be used to load balance traffic. Nearly all advanced features of OSPF are only available from the CLI.

The network that is defined covers all the subnets used in this example: 10.11.101.0, 10.11.102.0, and 10.11.103.0. All routes for these subnets will be advertised. If there are other interfaces on the FortiGate units that you do not want included in the OSPF routes, ensure those interfaces use a different subnet outside of the 10.11.0.0 network. If you want all interfaces to be advertised, you can use an OSPF network of 0.0.0.0.

Each router will configure:

  • Router ID
  • Area
  • Network
  • Two or three interfaces depending on the router
  • Priority for DR (Router1) and BDR (Router2)
  • Redistribute for ASBR (Router3)

This section includes:

  • Configuring OSPF on Router1
  • Configuring OSPF on Router2
  • Configuring OSPF on Router3
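
The effect of the OSPF network statement described above, as an added example (not from the original page or from Fortinet): it parses a FortiOS-style "config router ospf" block and reports which subnets a "set prefix" value covers. The /24 masks on the three subnets, the 192.168.50.0/24 out-of-scope subnet, and the sample configurations are constructed assumptions.

```python
import ipaddress
import re

# Subnets named on the page; the /24 masks are an assumption (the page gives none).
OSPF_SUBNETS = ["10.11.101.0/24", "10.11.102.0/24", "10.11.103.0/24"]
# Constructed example of an interface subnet that should stay out of OSPF.
OTHER_SUBNET = "192.168.50.0/24"


def ospf_config(prefix):
    """Build a constructed 'config router ospf' block around one network prefix."""
    return "\n".join([
        "config router ospf",
        "    set router-id 10.11.101.1",
        "    config network",
        "        edit 1",
        f"            set prefix {prefix}",
        "        next",
        "    end",
        "end",
    ])


def parse_networks(config_text):
    """Return the prefixes set inside 'config network' as ip_network objects."""
    stack, prefixes = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set prefix ") and stack[-1:] == ["network"]:
            # Accept "addr/mask", "addr mask" and "addr/len" forms.
            addr, mask = re.split(r"[ /]+", line[len("set prefix "):].strip(), maxsplit=1)
            prefixes.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return prefixes


def coverage(config_text, subnets):
    """Map each subnet to True if some OSPF network statement contains it."""
    nets = parse_networks(config_text)
    return {s: any(ipaddress.ip_network(s).subnet_of(n) for n in nets) for s in subnets}


if __name__ == "__main__":
    for prefix in ("10.11.0.0/255.255.0.0", "10.11.0.0/255.255.255.0", "0.0.0.0/0.0.0.0"):
        result = coverage(ospf_config(prefix), OSPF_SUBNETS + [OTHER_SUBNET])
        print(prefix, result)
```

A 255.255.255.0 mask on 10.11.0.0 matches none of the three subnets, while a network of 0.0.0.0 also matches the constructed 192.168.50.0/24 subnet, which is why interfaces you do not want advertised must sit outside the configured network.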

 

Configuring OSPF on Router1

Router1 has a very high priority to ensure it becomes the DR for this area. Also Router1 has the lowest IP address to help ensure it will win in case there is a tie at some point. Otherwise it is a standard OSPF configuration. Setting the priority can only be done in the CLI, and it is for a specific OSPF interface.

To configure OSPF on Router1 – web-based manager

1. Go to Router > Dynamic > OSPF.

2. Set Router ID to 10.11.101.1 and select Apply.

3. In Areas, select Create New, set the following information, and select OK.

Area                                            0.0.0.0

Type                                            Regular

Authentication                           none

4. In Networks, select Create New, set the following information, and select OK.

IP/Netmask                                 10.11.0.0/255.255.0.0

Area                                            0.0.0.0

5. In Interfaces, select Create New, set the following information, and select OK.

Name                                           Router1-Internal-DR

Interface                                     port1 (Internal)

IP                                                 0.0.0.0

Authentication                           none

Timers (seconds)

Hello Interval           10

Dead Interval            40

6. In Interfaces, select Create New, set the following information, and select OK.

Name                                           Router1-External

Interface                                     port2 (External)

IP                                                 0.0.0.0

Authentication                           none

Timers (seconds)

Hello Interval           10

Dead Interval            40

7. Using the CLI, enter the following commands to set the priority for the Router1-Internal OSPF interface to maximum, ensuring this interface becomes the DR.

    config router ospf
        config ospf-interface
            edit Router1-Internal-DR
                set priority 255
            next
        end
    end

To configure OSPF on Router1 – CLI

    config router ospf
        set router-id 10.11.101.1
        config area
            edit 0.0.0.0
            next
        end
        config network
            edit 1
                set prefix 10.11.0.0/255.255.0.0
            next
        end
        config ospf-interface
            edit "Router1-Internal"
                set interface "port1"
                set priority 255
            next
            edit "Router1-External"
                set interface "port2"
            next
        end
    end

Configuring OSPF on Router2

Router2 has a high priority to ensure it becomes the BDR for this area, and configures the DSL interface slightly differently—assume this will be a slower connection resulting in the need for longer timers, and a higher cost for this route.

Otherwise it is a standard OSPF configuration.

To configure OSPF on Router2 – web-based manager

1. Go to Router > Dynamic > OSPF.

2. Set Router ID to 11.101.2 and select Apply.

3. In Areas, select Create New, set the following information, and select OK.

Area                                            0.0.0.0

Type                                            Regular

Authentication                           none

4. In Networks, select Create New, set the following information, and select OK.

IP/Netmask                                 10.11.0.0/255.255.0.0

Area                                            0.0.0.0

5. In Interfaces, select Create New, set the following information, and select OK.

Name                                           Router2-Internal

Interface                                     port1 (Internal)

IP                                                 0.0.0.0

Authentication                           none

Timers (seconds)

Hello Interval           10

Dead Interval            40

6. In Interfaces, select Create New, set the following information, and select OK.

Name                                           Router2-External

Interface                                     port2 (External)

IP                                                 0.0.0.0

Authentication                           none

Timers (seconds)

Hello Interval           10

Dead Interval            40

7. In Interfaces, select Create New, set the following information, and select OK.

Name                                          Router2-DSL

Interface                                     port3 (DSL)

IP                                                 0.0.0.0

Authentication                           none

Cost                                            50

Timers (seconds)

Hello Interval           20

Dead Interval            80

8. Using the CLI, enter the following commands to set the priority for the Router2-Internal OSPF interface to ensure this interface will become the BDR:

    config router ospf
        config ospf-interface
            edit Router2-Internal
                set priority 250
            next
        end
    end



One thought on “Open Shortest Path First (OSPF)”

  1. Pratik

    I was configuring OSPF for Kotak Team on a FortiGate firewall for Ranchi location, and I have done the below things:

    • Specified loopback network,
    • LAN network,
    • WAN network with local firewall is connected to its peer.
    • I have also configured policy and static route

    After that I'm able to ping the neighbor IP from the firewall, but the neighbor is not established. Please kind me in this case to overcome this issue.
