FortiGate – Outbound OSPF filtering

Just a quick post on filtering outbound OSPF advertisements. I struggled a bit with this config today.

config router prefix-list
  edit "filter-outbound"
    config rule
      edit 1
        set prefix 10.10.0.0 255.255.0.0
        unset ge
        unset le
      next
      edit 2
        set prefix 10.20.0.0 255.255.0.0
        unset ge
        unset le
      next
      edit 3
        set action deny
        set prefix any
        unset ge
        unset le
      next
    end
  next
end

config router ospf
  set router-id 1.1.1.10
  config area
    edit 1.1.1.1
      config filter-list
        edit 1
          set list "filter-outbound"
          set direction out
        next
      end
    next
  end
end

Like I said: a quick-and-dirty note.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is CCNP, Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

3 thoughts on “FortiGate – Outbound OSPF filtering”

  1. You say you had some problems with this, but you never said whether it worked or not? I tried this, does not work. It still advertises the filtered subnet outbound.

  2. Rene – was this configured on an ABR router perchance? From what I can tell from the documentation, this works only for inter-area filtering. But if you want to, say, prevent OSPF route re-advertisements intra-area, it does not work.
