Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.0.1 Handbook
    7.0.1
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    OSPF

    OSPF

    OSPF (Open Shortest Path First) is described in RFC2328, OSPF Version 2. It is a link-state interior routing protocol. Compared with RIP, OSPF can provide scalable network support and faster convergence times. OSPF is widely used in large networks such as ISP backbone and enterprise networks. FortiADC supports OSPF version 2.

    By the support HA for OSPF route injection feature, the virtual server IP/IPv6 address can be injected into the OSPF domain, and can be advertised or withdrawn according to the health state of the real server.

    Before you begin:

    • You must know how OSPF has been implemented in your network, and you must know the configuration details of the implementation.
    • You must have Read-Write permission for System settings.
    To configure OSPF:
    1. Go to Networking > Routing.
    2. Click the OSPF tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in OSPF configuration.
    5. Save the configuration.

    OSPF configuration
    Settings Guidelines
    Router 32-bit number that sets the router-ID of the OSPF process. The router ID uses dotted decimal notation. The router-ID must be an IP address of the router, and it must be unique within the entire OSPF domain to the OSPF speaker.
    Default Metric The default is 10.
    Distance The default is 110.
    Default Information Originate
    • Disable—Default.
    • Enable—Originate an AS-External (type-5) LSA describing a default route into all external routing capable areas of the specified metric and metric type.
    • Always—The default is always advertised even when there is no default route present in the routing table.
    Default Information Metric The default is -1, which equals to the Default Metric.
    Default Information Metric Type

    Select either of the following:

    • 1—If selected, the metric equals to the Default Information Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Default Information Metric.
    Redistribute Connected Enable/disable to redistribute connected routes to OSPF, with the metric type and metric set if specified. Redistributed routes are distributed into OSPF as Type-5 External LSAs into links to areas.
    Redistribute Connected Metric

    The default is -1, which equals to the Default Metric.
    Redistribute Connected Metric Type

    Select either of the following:

    • 1—If selected, the metric equals to the Redistribute Connected Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Redistribute Connected Metric.
    Redistribute Static Enable/disable to redistribute static routes to OSPF, with the metric type and metric set if specified. Redistributed routes are distributed to OSPF as Type-5 External LSAs into links to areas.
    Redistribute Static Metric

    The default is -1, which equals to the Default Metric.
    Redistribute Static Metric Type
    • 1—If selected, the metric equals to the Redistribute Static Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Redistribute Static Metric.
    Area Authentication
    Area 32-bit number that identifies the OSPF area. An OSPF area is a smaller part of the larger OSPF network. Areas are used to limit the link-state updates that are sent out. The flooding used for these updates would overwhelm a large network, so it is divided into these smaller areas for manageability.
    Authentication

    Specify an authentication type:

    • None—Also called null authentication. No authentication is used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors.
    • Text—A simple password is used. The password is a plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidently joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
    • MD5—Use OSPF cryptographic authentication. A shared secret key is used to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic, the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.

    Type

    Area type setting:
    Network
    Prefix Address/mask notation to specify the subnet.
    Area Select an area configuration.
    Interface
    Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
    Interface Select the interface to enable OSPF for it.
    Ignore MTU Enable/disable to ignore the interface MTU. Disabled by default.
    Network Type
    • Broadcast
    • Point to Point
    • Point to Multipoint
    Retransmit Interval Interval for retransmitting Database Description and Link State Request packets. The default is 5 seconds.
    Transmit Delay Increment LSA age by this value when transmitting. The default is 1 second.
    Cost Set link cost for the specified interface. The cost value is set to router-LSA's metric field and used for SPF calculation. The default is 0.
    Priority The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default is 1.
    Dead Interval Number of seconds for RouterDeadInterval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default is 40 seconds.
    Hello Interval Number of seconds between hello packets sent on the configured interface. This value must be the same for all routers attached to a common network. The default is 10 seconds.
    Authentication

    Specify an authentication type. All OSPF interfaces that want to learn routes from each other must be configured with the same authentication type and password or MD5 key (one match is enough). Options are:

    • None—Also called null authentication. No authentication is used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors.
    • Text—A simple password is used. The password is a plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidently joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
    • MD5—Use OSPF cryptographic authentication. A shared secret key is used to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic, the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.
    Text If using text authentication, specify a password string. Passwords are limited to 8 characters.
    MD5 If using MD5 authentication, select an MD5 configuration name.
    HA Router
    Router You use the HA Router list configuration in an HA active-active deployment. On each HA cluster node, add an HA Router configuration that includes an entry for each cluster node. When the appliance is in standalone mode, it uses the primary OSPF Router ID; when it is in HA mode, it uses the HA Router list ID.

    Specify a 32-bit number that sets the router-ID of the OSPF process. The router ID uses dotted decimal notation. The router-ID must be an IP address of the router, and it must be unique within the entire OSPF domain to the OSPF speaker.
    Node HA Node ID (0-7).
    MD5 Key List
    Name

    Configuration name. You select this name in the OSPF Interface configuration.

    Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
    Member
    Key ID A number 1-255. Each member key ID must be unique to its member list.
    Key A string of up to 16 characters to be hashed with the cryptographic MD5 hash function.
    Previous
    Next

    OSPF

    OSPF

    OSPF (Open Shortest Path First) is described in RFC2328, OSPF Version 2. It is a link-state interior routing protocol. Compared with RIP, OSPF can provide scalable network support and faster convergence times. OSPF is widely used in large networks such as ISP backbone and enterprise networks. FortiADC supports OSPF version 2.

    By the support HA for OSPF route injection feature, the virtual server IP/IPv6 address can be injected into the OSPF domain, and can be advertised or withdrawn according to the health state of the real server.

    Before you begin:

    • You must know how OSPF has been implemented in your network, and you must know the configuration details of the implementation.
    • You must have Read-Write permission for System settings.
    To configure OSPF:
    1. Go to Networking > Routing.
    2. Click the OSPF tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in OSPF configuration.
    5. Save the configuration.

    OSPF configuration
    Settings Guidelines
    Router 32-bit number that sets the router-ID of the OSPF process. The router ID uses dotted decimal notation. The router-ID must be an IP address of the router, and it must be unique within the entire OSPF domain to the OSPF speaker.
    Default Metric The default is 10.
    Distance The default is 110.
    Default Information Originate
    • Disable—Default.
    • Enable—Originate an AS-External (type-5) LSA describing a default route into all external routing capable areas of the specified metric and metric type.
    • Always—The default is always advertised even when there is no default route present in the routing table.
    Default Information Metric The default is -1, which equals to the Default Metric.
    Default Information Metric Type

    Select either of the following:

    • 1—If selected, the metric equals to the Default Information Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Default Information Metric.
    Redistribute Connected Enable/disable to redistribute connected routes to OSPF, with the metric type and metric set if specified. Redistributed routes are distributed into OSPF as Type-5 External LSAs into links to areas.
    Redistribute Connected Metric

    The default is -1, which equals to the Default Metric.
    Redistribute Connected Metric Type

    Select either of the following:

    • 1—If selected, the metric equals to the Redistribute Connected Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Redistribute Connected Metric.
    Redistribute Static Enable/disable to redistribute static routes to OSPF, with the metric type and metric set if specified. Redistributed routes are distributed to OSPF as Type-5 External LSAs into links to areas.
    Redistribute Static Metric

    The default is -1, which equals to the Default Metric.
    Redistribute Static Metric Type
    • 1—If selected, the metric equals to the Redistribute Static Metric, plus the Default Metric.
    • 2—(Default) If selected, the metric equals to the Redistribute Static Metric.
    Area Authentication
    Area 32-bit number that identifies the OSPF area. An OSPF area is a smaller part of the larger OSPF network. Areas are used to limit the link-state updates that are sent out. The flooding used for these updates would overwhelm a large network, so it is divided into these smaller areas for manageability.
    Authentication

    Specify an authentication type:

    • None—Also called null authentication. No authentication is used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors.
    • Text—A simple password is used. The password is a plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidently joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
    • MD5—Use OSPF cryptographic authentication. A shared secret key is used to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic, the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.

    Type

    Area type setting:
    Network
    Prefix Address/mask notation to specify the subnet.
    Area Select an area configuration.
    Interface
    Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
    Interface Select the interface to enable OSPF for it.
    Ignore MTU Enable/disable to ignore the interface MTU. Disabled by default.
    Network Type
    • Broadcast
    • Point to Point
    • Point to Multipoint
    Retransmit Interval Interval for retransmitting Database Description and Link State Request packets. The default is 5 seconds.
    Transmit Delay Increment LSA age by this value when transmitting. The default is 1 second.
    Cost Set link cost for the specified interface. The cost value is set to router-LSA's metric field and used for SPF calculation. The default is 0.
    Priority The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default is 1.
    Dead Interval Number of seconds for RouterDeadInterval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default is 40 seconds.
    Hello Interval Number of seconds between hello packets sent on the configured interface. This value must be the same for all routers attached to a common network. The default is 10 seconds.
    Authentication

    Specify an authentication type. All OSPF interfaces that want to learn routes from each other must be configured with the same authentication type and password or MD5 key (one match is enough). Options are:

    • None—Also called null authentication. No authentication is used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors.
    • Text—A simple password is used. The password is a plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidently joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
    • MD5—Use OSPF cryptographic authentication. A shared secret key is used to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic, the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.
    Text If using text authentication, specify a password string. Passwords are limited to 8 characters.
    MD5 If using MD5 authentication, select an MD5 configuration name.
    HA Router
    Router You use the HA Router list configuration in an HA active-active deployment. On each HA cluster node, add an HA Router configuration that includes an entry for each cluster node. When the appliance is in standalone mode, it uses the primary OSPF Router ID; when it is in HA mode, it uses the HA Router list ID.

    Specify a 32-bit number that sets the router-ID of the OSPF process. The router ID uses dotted decimal notation. The router-ID must be an IP address of the router, and it must be unique within the entire OSPF domain to the OSPF speaker.
    Node HA Node ID (0-7).
    MD5 Key List
    Name

    Configuration name. You select this name in the OSPF Interface configuration.

    Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
    Member
    Key ID A number 1-255. Each member key ID must be unique to its member list.
    Key A string of up to 16 characters to be hashed with the cryptographic MD5 hash function.
    Previous
    Next