Configuring OSPF on the FortiGate units
With the interfaces configured, the FortiGate units can now be configured for OSPF on those interfaces. All routers are part of the backbone 0.0.0.0 area, so no inter-area communication is needed.
For a simple configuration there will be no authentication, no graceful restart or other advanced features, and timers will be left at their defaults. Also the costs for all interfaces will be left at 10, except for the modem and ISP interfaces where cost will be used to load balance traffic. Nearly all advanced features of OSPF are only available from the CLI.
The network that is defined covers all the subnets used in this example – 10.11.101.0, 10.11.102.0, and 10.11.103.0. All routes for these subnets will be advertised. If there are other interfaces on the FortiGate units that you do not want included in the OSPF routes, ensure those interfaces use a different subnet outside of the 10.11.0.0 network. If you want all interfaces to be advertised you can use an OSPF network of 0.0.0.0.
Each router will configure:
- Router ID
- Area
- Network
- Two or three interfaces depending on the router
- Priority for DR (Router1) and BDR (Router2)
- Redistribute for ASBR (Router3)
This section includes:
- Configuring OSPF on Router1
- Configuring OSPF on Router2
- Configuring OSPF on Router3
Configuring OSPF on Router1
Router1 has a very high priority to ensure it becomes the DR for this area. Also Router1 has the lowest IP address to help ensure it will win in case there is a tie at some point. Otherwise it is a standard OSPF configuration. Setting the priority can only be done in the CLI, and it is for a specific OSPF interface.
To configure OSPF on Router1 – web-based manager
1. Go to Router > Dynamic > OSPF.
2. Set Router ID to 11.101.1 and select Apply.
3. In Areas, select Create New, set the following information, and select OK.
Area 0.0.0.0
Type Regular
Authentication none
4. In Networks, select Create New, set the following information, and select OK.
IP/Netmask 10.11.0.0/255.255.0.0
Area 0.0.0.0
5. In Interfaces, select Create New, set the following information, and select OK.
Name Router1-Internal-DR
Interface port1 (Internal)
IP 0.0.0.0
Authentication none
Timers (seconds)
Hello Interval 10
Dead Interval 40
6. In Interfaces, select Create New, set the following information, and select OK.
Name Router1-External
Interface port2 (External)
IP 0.0.0.0
Authentication none
Timers (seconds)
Hello Interval 10
Dead Interval 40
7. Using the CLI, enter the following commands to set the priority for the Router1-Internal OSPF interface to maximum, ensuring this interface becomes the DR.
config router ospf
    config ospf-interface
        edit Router1-Internal-DR
            set priority 255
        next
    end
end
To configure OSPF on Router1 – CLI
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0/255.255.0.0
        next
    end
    config ospf-interface
        edit "Router1-Internal"
            set interface "port1"
            set priority 255
        next
        edit "Router1-External"
            set interface "port2"
        next
    end
end
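A check for the network statement and interface settings described above, added here as an example and not taken from Fortinet's documentation or tools: it parses FortiOS-style `config router ospf` text and reports which of the three example subnets no `set prefix` covers, plus OSPF interfaces left with authentication none. The function names, the /24 subnet masks and the sample configuration are assumptions made for the example.

```python
import ipaddress

# Subnets the text says must be advertised; the /24 masks are an assumption.
EXPECTED = ["10.11.101.0/24", "10.11.102.0/24", "10.11.103.0/24"]

def parse_ospf(config):
    """Return (network prefixes, {ospf-interface name: settings}) from CLI text."""
    prefixes, interfaces, stack, entry = [], {}, [], {}
    for line in config.splitlines():
        words = line.replace('"', "").split()
        if not words:
            continue
        verb, args, section = words[0], words[1:], (stack[-1] if stack else "")
        if verb == "config":
            stack.append(" ".join(args))
        elif verb == "end" and stack:
            stack.pop()
        elif verb == "edit" and section == "ospf-interface":
            entry = interfaces.setdefault(args[0], {})
        elif verb == "set" and section == "network" and args[0] == "prefix":
            # Accept both "a.b.c.d/mask" and "a.b.c.d mask".
            prefixes.append(ipaddress.ip_network("/".join(args[1:]), strict=False))
        elif verb == "set" and section == "ospf-interface":
            entry[args[0]] = " ".join(args[1:])
    return prefixes, interfaces

def audit(config, expected=EXPECTED):
    """List uncovered expected subnets and OSPF interfaces without authentication."""
    prefixes, interfaces = parse_ospf(config)
    findings = [f"{net}: not covered by any OSPF network statement"
                for net in map(ipaddress.ip_network, expected)
                if not any(net.subnet_of(p) for p in prefixes)]
    # Assumption: an interface with no "set authentication" line uses none.
    findings += [f"{name}: OSPF authentication is none" for name, cfg in interfaces.items()
                 if cfg.get("authentication", "none") == "none"]
    return findings

# Constructed sample: the mask is deliberately too narrow for the three subnets.
SAMPLE = """config router ospf
config network
edit 1
set prefix 10.11.0.0/255.255.255.0
end
config ospf-interface
edit "Router1-Internal"
set interface "port1"
end
end"""
print("\n".join(audit(SAMPLE)))
```

With the mask widened to 255.255.0.0 the three coverage findings disappear and only the authentication finding remains.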
Configuring OSPF on Router2
Router2 has a high priority to ensure it becomes the BDR for this area, and configures the DSL interface slightly differently—assume this will be a slower connection resulting in the need for longer timers, and a higher cost for this route.
Otherwise it is a standard OSPF configuration.
To configure OSPF on Router2 – web-based manager
1. Go to Router > Dynamic > OSPF.
2. Set Router ID to 11.101.2 and select Apply.
3. In Areas, select Create New, set the following information, and select OK.
Area 0.0.0.0
Type Regular
Authentication none
4. In Networks, select Create New, set the following information, and select OK.
IP/Netmask 10.11.0.0/255.255.0.0
Area 0.0.0.0
5. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-Internal
Interface port1 (Internal)
IP 0.0.0.0
Authentication none
Timers (seconds)
Hello Interval 10
Dead Interval 40
6. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-External
Interface port2 (External)
IP 0.0.0.0
Authentication none
Timers (seconds)
Hello Interval 10
Dead Interval 40
7. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-DSL
Interface port3 (DSL)
IP 0.0.0.0
Authentication none
Cost 50
Timers (seconds)
Hello Interval 20
Dead Interval 80
8. Using the CLI, enter the following commands to set the priority for the Router2-Internal OSPF interface to ensure this interface will become the BDR:
config router ospf
    config ospf-interface
        edit Router2-Internal
            set priority 250
        next
    end
end