FortiGate – Outbound OSPF filtering
Just a quick post on filtering outbound OSPF advertisements. I struggled with this config today.

config router prefix-list
    edit "filter-outbound"
        config rule
            edit 1
                set prefix 10.10.0.0 255.255.0.0
                unset ge
                unset le
            next
            edit 2
                set prefix 10.20.0.0 255.255.0.0
                unset ge
                unset le
            next
            edit 3
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
end

config router ospf
    set router-id 1.1.1.10
    config area
        edit 1.1.1.1
            config filter-list
                edit 1
                    set list "filter-outbound"
                    set direction out
                next
            end
        next
    end
end

Like I said: a quick-and-dirty note.
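
As an added example (not code from the original post or from Fortinet), the Python sketch below evaluates candidate routes against the three "filter-outbound" rules to show what the list permits when ge and le are unset. It assumes conventional prefix-list semantics (first match wins, exact-length match without ge/le, permit as the default action, implicit deny at the end) and models only the prefix-list, not where OSPF applies it; the function names and sample routes are constructed.

```python
import ipaddress

# Rules transcribed from the "filter-outbound" prefix-list in the post.
# ge/le are unset everywhere; rules 1 and 2 carry no "set action" line,
# which is assumed here to mean the default action, permit.
RULES = [
    {"id": 1, "action": "permit", "prefix": "10.10.0.0/16", "ge": None, "le": None},
    {"id": 2, "action": "permit", "prefix": "10.20.0.0/16", "ge": None, "le": None},
    {"id": 3, "action": "deny", "prefix": "any", "ge": None, "le": None},
]

def rule_matches(rule, route):
    """Assumed semantics: the route must sit inside the rule's prefix, and
    its length must equal the rule's length unless ge/le widen the range."""
    if rule["prefix"] == "any":
        return True
    net = ipaddress.ip_network(rule["prefix"])
    if not route.subnet_of(net):
        return False
    if rule["ge"] is None and rule["le"] is None:
        return route.prefixlen == net.prefixlen
    low = rule["ge"] if rule["ge"] is not None else net.prefixlen
    high = rule["le"] if rule["le"] is not None else 32
    return low <= route.prefixlen <= high

def evaluate(route_text, rules=RULES):
    """Return (action, rule id) for the first matching rule; a list with
    no matching rule denies implicitly (rule id None)."""
    route = ipaddress.ip_network(route_text)
    for rule in rules:
        if rule_matches(rule, route):
            return rule["action"], rule["id"]
    return "deny", None

# Constructed candidate routes, not taken from the post.
SAMPLE_ROUTES = ["10.10.0.0/16", "10.20.0.0/16", "10.10.5.0/24",
                 "10.0.0.0/8", "192.168.1.0/24"]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        action, rid = evaluate(r)
        print(f"{r:<18} {action:<6} (rule {rid})")
```

Under these assumptions only the two exact /16 prefixes pass; a more-specific route such as 10.10.5.0/24 falls through to the deny-any rule, so advertising it would need an le value on rule 1.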
René Jorissen
Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified.
You say you had some problems with this, but you never said whether it worked or not? I tried this, does not work. It still advertises the filtered subnet outbound.
Jimmy, in the end this config worked for me.
Rene – was this configured on an ABR router, perchance? From what I can tell from the documentation, this works only for inter-area filtering. But if you want to, say, prevent OSPF route re-advertisements intra-area, it does not work.