Fortinet black logo

Handbook

Advanced inter-area OSPF example

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:668422
Download PDF

Advanced inter-area OSPF example

This example sets up an OSPF network at a large office. There are three areas, each with two routers. Typically OSPF areas wouldn't be this small, and if they were, the areas would be combined into one larger area. However, the stub area services the accounting department whose members are very sensitive about their network and don't want their network information broadcasted through the rest of the company. The backbone area contains the bulk of the company's network devices. The regular area was established for various reasons, such as hosting the company servers in a separate area with extra security.

One area is a small stub area that has no independent Internet connection, and has only one connection to the backbone area. That connection between the stub area and the backbone area is only through a default route. No routes outside the stub area are advertised into that area. Another area is the backbone, which is connected to the other two areas. The third area has the Internet connection, and all traffic to and from the Internet must use that area’s connection. If that traffic comes from the stub area, then that traffic is treating the backbone like a transit area that only uses it to get to another area.

In the stub area, a subnet of computers is running the RIP routing protocol and those routes must be redistributed into the OSPF areas.

Network layout and assumptions

There are four FortiGate devices in this network topology, which are acting as OSPF routers:

Advanced inter-area OSPF network topology

Area 1.1.1.1 is a stub area with one FortiGate OSPF router called Router1 (DR). Its only access outside of that area is a default route to the backbone area, which is how it accesses the Internet. Traffic must go from the stub area, through the backbone, to the third area to reach the Internet. The backbone area in this configuration is called a transit area. Also, in area 1.1.1.1 there is a RIP router that will be providing routes to the OSPF area through redistribution.

Area 0.0.0.0 is the backbone area and has two FortiGate device routers named Router2 (BDR) and Router3 (DR).

Area 2.2.2.2 is a regular area that has an Internet connection accessed by both the other two OSPF areas. There is only one FortiGate device router in this area called Router4 (DR). This area is more secure and requires MD5 authentication by routers.

All areas have user networks connected but they're not important for configuring the network layout for this example.

Internal interfaces are connected to internal user networks only. External1 interfaces are connected to the 10.11.110.0 network, joining Area 1.1.1.1 and Area 0.0.0.0.

External2 interfaces are connected to the 10.11.111.0 network, joining Area 0.0.0.0 and Area 2.2.2.2. The ISP interface is called ISP.

Routers, areas, interfaces, and IP addresses for advanced OSPF network

Router name

Area number and type

Interface

IP address

Router1 (DR)

1.1.1.1 - stub area

(Accounting)

port1 (internal)

10.11.101.1

port2 (external1)

10.11.110.1

Router2 (BDR)

0.0.0.0 - backbone area

( R&D Network)

port1 (internal)

10.11.102.2

port2 (external1)

10.11.110.2

port3 (external2)

10.11.111.2

Router3 (DR)

0.0.0.0 - backbone area

(R&D Network)

port1 (internal)

10.11.103.3

port2 (external1)

10.11.110.3

port3 (external2)

10.11.111.3

Router4 (DR)

2.2.2.2 - regular area

(Network Admin)

port1 (internal)

10.11.104.4

port2 (external2)

10.11.111.4

port3 (ISP)

172.20.120.4

Note that other subnets can be added to the internal interfaces without changing the configuration.

Assumptions

  • The FortiGate devices used in this example have interfaces named port1, port2, and port3.
  • All FortiGate devices in this example have factory default configuration with FortiOS 4.0 MR2 firmware installed and are in NAT mode.
  • During configuration, if settings are not directly referred to, they will be left at the default settings.
  • Basic firewalls are in place to allow unfiltered traffic between all connected interfaces in both directions.
  • This OSPF network is not connected to any other OSPF areas outside of this example.
  • The Internet connection is always available.
  • Other devices may be on the network but do not affect this configuration.

Configuring the FortiGate devices

This section configures the basic settings on the FortiGate devices to be OSPF routers. These configurations include multiple interface settings and the hostname.

There are four FortiGate devices in this example. The two devices in the backbone area can be configured exactly the same except for IP addresses, so only the Router3 (the DR) configuration will be given, with notes indicating Router2's (the BDR) IP addresses.

Configuring the FortiGate devices includes:

Configuring Router1

Router1 is part of the Accounting network stub area (1.1.1.1).

To configure Router1 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router1 and select Apply.
  3. Go to Network > Interfaces edit port1, set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.101.1/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Accounting network

    Interface State

    Enabled

  5. Edit port2, set the following information and select OK.
  6. Alias

    External1

    IP/Network Mask

    10.11.110.1/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Backbone network and Internet

    Interface State

    Enabled

Configuring Router2

Router2 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

Router2 has three interfaces configured: one to the internal network and two to Router3 for redundancy.

To configure Router2 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router2 and select Apply.
  3. Go to Network > Interfaces, edit port1 (internal), set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.102.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Internal RnD network

    Interface State

    Enabled

  5. Edit port2 (external1), set the following information and select OK.
  6. Alias

    external1

    IP/Network Mask

    10.11.110.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router3 first connection

    Interface State

    Enabled

  7. Edit port3 (external2), set the following information and select OK.
  8. Alias

    external2

    IP/Network Mask

    10.11.111.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router3 second connection

    Interface State

    Enabled

Configuring Router3

Router3 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

To configure Router3 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router3 and select Apply.
  3. Go to Network > Interfaces, edit port1 (internal), set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.103.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Internal RnD network

    Interface State

    Enabled

  5. Edit port2 (external1), set the following information and select OK.
  6. Alias

    external1

    IP/Network Mask

    10.11.110.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router2 first connection

    Interface State

    Enabled

  7. Edit port3 (external2), set the following information and select OK.
  8. Alias

    external2

    IP/Network Mask

    10.11.111.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router2 second connection

    Interface State

    Enabled

Configuring Router4

Router4 is part of the Network Administration regular area (2.2.2.2). This area provides Internet access for both area 1.1.1.1 and the backbone area.

This section configures interfaces and hostname.

To configure Router4 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router4 and select Apply.
  3. Go to Network > Interfaces.
  4. Edit port1 (internal).
  5. Set the following information and select OK.
  6. Alias

    internal

    IP/Network Mask

    10.11.101.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Accounting network

    Interface State

    Enabled

  7. Edit port2 (external2).
  8. Set the following information and select OK.
  9. Alias

    external2

    IP/Network Mask

    10.11.110.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Backbone and Accounting network

    Interface State

    Enabled

  10. Edit port3 (ISP).
  11. Set the following information and select OK.
  12. Alias

    ISP

    IP/Network Mask

    172.20.120.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    ISP and Internet

    Interface State

    Enabled

Configuring OSPF on the FortiGate devices

Three of the routers are designated routers (DR) and one is a backup DR (BDR). This is achieved through the lowest router ID numbers, or OSPF priority settings.

Also, each area needs to be configured as each respective type of area: stub, backbone, or regular. This affects how routes are advertised into the area.

To configure OSPF on Router1 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.101.1 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    1.1.1.1

    Type

    Stub

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    1.1.1.1

    IP/Netmask

    10.11.101.0/255.255.255.0

  7. In Interfaces, select Create New, set the following information, and select OK.
  8. Name

    Accounting

    Interface

    port1 (internal)

    IP

    10.11.101.1

    Authentication

    None

  9. In Interfaces, select Create New, set the following information, and select OK.
  10. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.1

    Authentication

    None

To configure OSPF on Router2 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.102.2 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    0.0.0.0

    IP/Netmask

    10.11.102.2/255.255.255.0

  7. In Networks, select Create New, set the following information, and select OK.
  8. Area

    0.0.0.0

    IP/Netmask

    10.11.110.2/255.255.255.0

  9. In Networks, select Create New, set the following information, and select OK.
  10. Area

    0.0.0.0

    IP/Netmask

    10.11.111.2/255.255.255.0

  11. In Interfaces, select Create New, set the following information, and select OK.
  12. Name

    RnD network

    Interface

    port1 (internal)

    IP

    10.11.102.2

    Authentication

    None

  13. In Interfaces, select Create New, set the following information, and select OK.
  14. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.2

    Authentication

    None

  15. In Interfaces, select Create New, set the following information, and select OK.
  16. Name

    Backbone2

    Interface

    port3 (external2)

    IP

    10.11.111.2

    Authentication

    None

To configure OSPF on Router3 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.103.3 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    0.0.0.0

    IP/Netmask

    10.11.102.3/255.255.255.0

  7. In Networks, select Create New, set the following information, and select OK.
  8. Area

    0.0.0.0

    IP/Netmask

    10.11.110.3/255.255.255.0

  9. In Networks, select Create New, set the following information, and select OK.
  10. IP/Netmask

    10.11.111.3/255.255.255.0

    Area

    0.0.0.0

  11. In Interfaces, select Create New, set the following information, and select OK.
  12. Name

    RnD network

    Interface

    port1 (internal)

    IP

    10.11.103.3

    Authentication

    None

  13. In Interfaces, select Create New, set the following information, and select OK.
  14. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.3

    Authentication

    None

  15. In Interfaces, select Create New, set the following information, and select OK.
  16. Name

    Backbone2

    Interface

    port3 (external2)

    IP

    10.11.111.3

    Authentication

    None

To configure OSPF on Router4 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.104.4 for the Router ID and then select Apply.
  3. In Areas, select Create New.
  4. Set the following information and select OK.
  5. Area ID

    2.2.2.2

    Type

    Regular

    Authentication

    None

  6. In Networks, select Create New, set the following information, and select OK.
  7. Area

    0.0.0.0

    IP/Netmask

    10.11.104.0/255.255.255.0

  8. In Networks, select Create New, set the following information, and select OK.
  9. Area

    0.0.0.0

    IP/Netmask

    10.11.111.0/255.255.255.0

  10. In Networks, select Create New, set the following information, and select OK.
  11. Area

    0.0.0.0

    IP/Netmask

    172.20.120.0/255.255.255.0

  12. In Interfaces, select Create New, set the following information, and select OK.
  13. Name

    Network Admin network

    Interface

    port1 (internal)

    IP

    10.11.104.4

    Authentication

    None

  14. In Interfaces, select Create New, set the following information, and select OK.
  15. Name

    Backbone2

    Interface

    port2 (external2)

    IP

    10.11.111.4

    Authentication

    None

  16. In Interfaces, select Create New, set the following information, and select OK.
  17. Name

    ISP

    Interface

    port3 (ISP)

    IP

    172.20.120.4

    Authentication

    None

Configuring other networking devices

All network devices on this network are running OSPF routing. The user networks (Accounting, R&D, and Network Administration) are part of one of the three areas.

The ISP needs to be notified of your network configuration for area 2.2.2.2. Your ISP won't advertise your areas externally as they're intended as internal areas. External areas have assigned unique numbers. The area numbers used in this example are similar to the 10.0.0.0 and 192.168.0.0 subnets used in internal networking.

Testing network configuration

There are two main areas to test in this network configuration: network connectivity and OSPF routing.

To test network connectivity, see if computers on the Accounting or R&D networks can access the Internet.

To test OSPF routing, check the routing tables on the FortiGate devices to ensure the expected OSPF routes are present. If you need help troubleshooting OSPF routing, see Troubleshooting OSPF.

Advanced inter-area OSPF example

This example sets up an OSPF network at a large office. There are three areas, each with two routers. Typically OSPF areas wouldn't be this small, and if they were, the areas would be combined into one larger area. However, the stub area services the accounting department whose members are very sensitive about their network and don't want their network information broadcasted through the rest of the company. The backbone area contains the bulk of the company's network devices. The regular area was established for various reasons, such as hosting the company servers in a separate area with extra security.

One area is a small stub area that has no independent Internet connection, and has only one connection to the backbone area. That connection between the stub area and the backbone area is only through a default route. No routes outside the stub area are advertised into that area. Another area is the backbone, which is connected to the other two areas. The third area has the Internet connection, and all traffic to and from the Internet must use that area’s connection. If that traffic comes from the stub area, then that traffic is treating the backbone like a transit area that only uses it to get to another area.

In the stub area, a subnet of computers is running the RIP routing protocol and those routes must be redistributed into the OSPF areas.

Network layout and assumptions

There are four FortiGate devices in this network topology, which are acting as OSPF routers:

Advanced inter-area OSPF network topology

Area 1.1.1.1 is a stub area with one FortiGate OSPF router called Router1 (DR). Its only access outside of that area is a default route to the backbone area, which is how it accesses the Internet. Traffic must go from the stub area, through the backbone, to the third area to reach the Internet. The backbone area in this configuration is called a transit area. Also, in area 1.1.1.1 there is a RIP router that will be providing routes to the OSPF area through redistribution.

Area 0.0.0.0 is the backbone area and has two FortiGate device routers named Router2 (BDR) and Router3 (DR).

Area 2.2.2.2 is a regular area that has an Internet connection accessed by both the other two OSPF areas. There is only one FortiGate device router in this area called Router4 (DR). This area is more secure and requires MD5 authentication by routers.

All areas have user networks connected but they're not important for configuring the network layout for this example.

Internal interfaces are connected to internal user networks only. External1 interfaces are connected to the 10.11.110.0 network, joining Area 1.1.1.1 and Area 0.0.0.0.

External2 interfaces are connected to the 10.11.111.0 network, joining Area 0.0.0.0 and Area 2.2.2.2. The ISP interface is called ISP.

Routers, areas, interfaces, and IP addresses for advanced OSPF network

Router name

Area number and type

Interface

IP address

Router1 (DR)

1.1.1.1 - stub area

(Accounting)

port1 (internal)

10.11.101.1

port2 (external1)

10.11.110.1

Router2 (BDR)

0.0.0.0 - backbone area

( R&D Network)

port1 (internal)

10.11.102.2

port2 (external1)

10.11.110.2

port3 (external2)

10.11.111.2

Router3 (DR)

0.0.0.0 - backbone area

(R&D Network)

port1 (internal)

10.11.103.3

port2 (external1)

10.11.110.3

port3 (external2)

10.11.111.3

Router4 (DR)

2.2.2.2 - regular area

(Network Admin)

port1 (internal)

10.11.104.4

port2 (external2)

10.11.111.4

port3 (ISP)

172.20.120.4

Note that other subnets can be added to the internal interfaces without changing the configuration.

Assumptions

  • The FortiGate devices used in this example have interfaces named port1, port2, and port3.
  • All FortiGate devices in this example have factory default configuration with FortiOS 4.0 MR2 firmware installed and are in NAT mode.
  • During configuration, if settings are not directly referred to, they will be left at the default settings.
  • Basic firewalls are in place to allow unfiltered traffic between all connected interfaces in both directions.
  • This OSPF network is not connected to any other OSPF areas outside of this example.
  • The Internet connection is always available.
  • Other devices may be on the network but do not affect this configuration.

Configuring the FortiGate devices

This section configures the basic settings on the FortiGate devices to be OSPF routers. These configurations include multiple interface settings and the hostname.

There are four FortiGate devices in this example. The two devices in the backbone area can be configured exactly the same except for IP addresses, so only the Router3 (the DR) configuration will be given, with notes indicating Router2's (the BDR) IP addresses.

Configuring the FortiGate devices includes:

Configuring Router1

Router1 is part of the Accounting network stub area (1.1.1.1).

To configure Router1 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router1 and select Apply.
  3. Go to Network > Interfaces edit port1, set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.101.1/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Accounting network

    Interface State

    Enabled

  5. Edit port2, set the following information and select OK.
  6. Alias

    External1

    IP/Network Mask

    10.11.110.1/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Backbone network and Internet

    Interface State

    Enabled

Configuring Router2

Router2 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

Router2 has three interfaces configured: one to the internal network and two to Router3 for redundancy.

To configure Router2 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router2 and select Apply.
  3. Go to Network > Interfaces, edit port1 (internal), set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.102.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Internal RnD network

    Interface State

    Enabled

  5. Edit port2 (external1), set the following information and select OK.
  6. Alias

    external1

    IP/Network Mask

    10.11.110.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router3 first connection

    Interface State

    Enabled

  7. Edit port3 (external2), set the following information and select OK.
  8. Alias

    external2

    IP/Network Mask

    10.11.111.2/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router3 second connection

    Interface State

    Enabled

Configuring Router3

Router3 is part of the R&D network backbone area (0.0.0.0). Router2 and Router3 are in this area. They provide a redundant connection between area 1.1.1.1 and area 2.2.2.2.

To configure Router3 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router3 and select Apply.
  3. Go to Network > Interfaces, edit port1 (internal), set the following information, and select OK.
  4. Alias

    internal

    IP/Network Mask

    10.11.103.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Internal RnD network

    Interface State

    Enabled

  5. Edit port2 (external1), set the following information and select OK.
  6. Alias

    external1

    IP/Network Mask

    10.11.110.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router2 first connection

    Interface State

    Enabled

  7. Edit port3 (external2), set the following information and select OK.
  8. Alias

    external2

    IP/Network Mask

    10.11.111.3/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Router2 second connection

    Interface State

    Enabled

Configuring Router4

Router4 is part of the Network Administration regular area (2.2.2.2). This area provides Internet access for both area 1.1.1.1 and the backbone area.

This section configures interfaces and hostname.

To configure Router4 interfaces - GUI:
  1. Go to System > Settings.
  2. In the Host name field, enter a hostname of Router4 and select Apply.
  3. Go to Network > Interfaces.
  4. Edit port1 (internal).
  5. Set the following information and select OK.
  6. Alias

    internal

    IP/Network Mask

    10.11.101.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Accounting network

    Interface State

    Enabled

  7. Edit port2 (external2).
  8. Set the following information and select OK.
  9. Alias

    external2

    IP/Network Mask

    10.11.110.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    Backbone and Accounting network

    Interface State

    Enabled

  10. Edit port3 (ISP).
  11. Set the following information and select OK.
  12. Alias

    ISP

    IP/Network Mask

    172.20.120.4/255.255.255.0

    Administrative Access

    HTTPS SSH PING

    Description

    ISP and Internet

    Interface State

    Enabled

Configuring OSPF on the FortiGate devices

Three of the routers are designated routers (DR) and one is a backup DR (BDR). This is achieved through the lowest router ID numbers, or OSPF priority settings.

Also, each area needs to be configured as each respective type of area: stub, backbone, or regular. This affects how routes are advertised into the area.

To configure OSPF on Router1 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.101.1 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    1.1.1.1

    Type

    Stub

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    1.1.1.1

    IP/Netmask

    10.11.101.0/255.255.255.0

  7. In Interfaces, select Create New, set the following information, and select OK.
  8. Name

    Accounting

    Interface

    port1 (internal)

    IP

    10.11.101.1

    Authentication

    None

  9. In Interfaces, select Create New, set the following information, and select OK.
  10. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.1

    Authentication

    None

To configure OSPF on Router2 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.102.2 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    0.0.0.0

    IP/Netmask

    10.11.102.2/255.255.255.0

  7. In Networks, select Create New, set the following information, and select OK.
  8. Area

    0.0.0.0

    IP/Netmask

    10.11.110.2/255.255.255.0

  9. In Networks, select Create New, set the following information, and select OK.
  10. Area

    0.0.0.0

    IP/Netmask

    10.11.111.2/255.255.255.0

  11. In Interfaces, select Create New, set the following information, and select OK.
  12. Name

    RnD network

    Interface

    port1 (internal)

    IP

    10.11.102.2

    Authentication

    None

  13. In Interfaces, select Create New, set the following information, and select OK.
  14. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.2

    Authentication

    None

  15. In Interfaces, select Create New, set the following information, and select OK.
  16. Name

    Backbone2

    Interface

    port3 (external2)

    IP

    10.11.111.2

    Authentication

    None

To configure OSPF on Router3 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.103.3 for the Router ID and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
  4. Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  5. In Networks, select Create New, set the following information, and select OK.
  6. Area

    0.0.0.0

    IP/Netmask

    10.11.102.3/255.255.255.0

  7. In Networks, select Create New, set the following information, and select OK.
  8. Area

    0.0.0.0

    IP/Netmask

    10.11.110.3/255.255.255.0

  9. In Networks, select Create New, set the following information, and select OK.
  10. IP/Netmask

    10.11.111.3/255.255.255.0

    Area

    0.0.0.0

  11. In Interfaces, select Create New, set the following information, and select OK.
  12. Name

    RnD network

    Interface

    port1 (internal)

    IP

    10.11.103.3

    Authentication

    None

  13. In Interfaces, select Create New, set the following information, and select OK.
  14. Name

    Backbone1

    Interface

    port2 (external1)

    IP

    10.11.110.3

    Authentication

    None

  15. In Interfaces, select Create New, set the following information, and select OK.
  16. Name

    Backbone2

    Interface

    port3 (external2)

    IP

    10.11.111.3

    Authentication

    None

To configure OSPF on Router4 - GUI:
  1. Go to Network > OSPF.
  2. Enter 10.11.104.4 for the Router ID and then select Apply.
  3. In Areas, select Create New.
  4. Set the following information and select OK.
  5. Area ID

    2.2.2.2

    Type

    Regular

    Authentication

    None

  6. In Networks, select Create New, set the following information, and select OK.
  7. Area

    0.0.0.0

    IP/Netmask

    10.11.104.0/255.255.255.0

  8. In Networks, select Create New, set the following information, and select OK.
  9. Area

    0.0.0.0

    IP/Netmask

    10.11.111.0/255.255.255.0

  10. In Networks, select Create New, set the following information, and select OK.
  11. Area

    0.0.0.0

    IP/Netmask

    172.20.120.0/255.255.255.0

  12. In Interfaces, select Create New, set the following information, and select OK.
  13. Name

    Network Admin network

    Interface

    port1 (internal)

    IP

    10.11.104.4

    Authentication

    None

  14. In Interfaces, select Create New, set the following information, and select OK.
  15. Name

    Backbone2

    Interface

    port2 (external2)

    IP

    10.11.111.4

    Authentication

    None

  16. In Interfaces, select Create New, set the following information, and select OK.
  17. Name

    ISP

    Interface

    port3 (ISP)

    IP

    172.20.120.4

    Authentication

    None

Configuring other networking devices

All network devices on this network are running OSPF routing. The user networks (Accounting, R&D, and Network Administration) are part of one of the three areas.

The ISP needs to be notified of your network configuration for area 2.2.2.2. Your ISP won't advertise your areas externally as they're intended as internal areas. External areas have assigned unique numbers. The area numbers used in this example are similar to the 10.0.0.0 and 192.168.0.0 subnets used in internal networking.

Testing network configuration

There are two main areas to test in this network configuration: network connectivity and OSPF routing.

To test network connectivity, see if computers on the Accounting or R&D networks can access the Internet.

To test OSPF routing, check the routing tables on the FortiGate devices to ensure the expected OSPF routes are present. If you need help troubleshooting OSPF routing, see Troubleshooting OSPF.