Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    OSPF HMAC-SHA authentication 7.0.1

    OSPF HMAC-SHA authentication 7.0.1

    This enhancement adds support for RFC 5709 HMAC-SHA cryptographic authentication for OSPF. Prior to 7.0.1, only MD5 was supported.

    An option to set the algorithm is available in the router key chain configuration:

    config router key-chain
    edit <name>
        config key
            edit <id>
                ...
                set algorithm {md5 | hmac-sha1 | hmac-sha256 | hmac-sha384 | hmac-sha512}
            next
        end
    next
end
    Note

    The available options for set authentication in the OSPF settings are now none, text, and message-digest.
    To configure HMAC-SHA cryptographic authentication for OSPF:
    1. Configure the router key chain:
      config router key-chain
    edit "11"
        config key
            edit "1"
                set accept-lifetime 01:01:01 01 01 2021 2147483646
                set send-lifetime 01:01:01 01 01 2021 2147483646
                set key-string **********
                set algorithm hmac-sha512
            next
        end
    next
end
    2. Configure OSPF:
      config router ospf
    set router-id 2.2.2.2
    config area
        edit 0.0.0.0
            set authentication message-digest
        next
    end
    config ospf-interface
        edit "1"
            set interface "port1"
            set authentication message-digest
            set md5-keychain "11"
        next
    end
end
    3. Verify that the OSPF neighbor can be established:
      # get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   Full/DR         00:00:37    12.1.1.1        port1
    Previous
    Next

    OSPF HMAC-SHA authentication 7.0.1

    OSPF HMAC-SHA authentication 7.0.1

    This enhancement adds support for RFC 5709 HMAC-SHA cryptographic authentication for OSPF. Prior to 7.0.1, only MD5 was supported.

    An option to set the algorithm is available in the router key chain configuration:

    config router key-chain
    edit <name>
        config key
            edit <id>
                ...
                set algorithm {md5 | hmac-sha1 | hmac-sha256 | hmac-sha384 | hmac-sha512}
            next
        end
    next
end
    Note

    The available options for set authentication in the OSPF settings are now none, text, and message-digest.
    To configure HMAC-SHA cryptographic authentication for OSPF:
    1. Configure the router key chain:
      config router key-chain
    edit "11"
        config key
            edit "1"
                set accept-lifetime 01:01:01 01 01 2021 2147483646
                set send-lifetime 01:01:01 01 01 2021 2147483646
                set key-string **********
                set algorithm hmac-sha512
            next
        end
    next
end
    2. Configure OSPF:
      config router ospf
    set router-id 2.2.2.2
    config area
        edit 0.0.0.0
            set authentication message-digest
        next
    end
    config ospf-interface
        edit "1"
            set interface "port1"
            set authentication message-digest
            set md5-keychain "11"
        next
    end
end
    3. Verify that the OSPF neighbor can be established:
      # get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   Full/DR         00:00:37    12.1.1.1        port1
    Previous
    Next