This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.

  • 1.  OSPF Routing with Fortigate Firewall

    Posted 08-20-2021 16:58
    I just started a basic lab with OSPF routing between a vQFX and a Fortigate Router.
    The topology is quite simple :
    • I have 2 vrf on my qFX
    • The first vrf C2 is acting as a backbone router and is redistributing external subnet in ospf
    • The second vrf C1 is located in an other ospf area (regular one)
    • A fortigate router is acting as a ABR in between

    OSPF adjancies are up. And native OSPF subnets are exchanged between the 2 areas.
    Yet there's an issue with the external subnet. He's learned and propagated by the Fortigate but it is not loaded in vrf C1 RIB.
    I am scratching my head. Is there an interoperability issue or did I miss something really trivial ?

    If I looked in vrf C1 ospf database, everything seems in order : is advertised by ASBR which in turn is known by my ABR
    Connectivity is up all the way through

  • 2.  RE: OSPF Routing with Fortigate Firewall

    Posted 08-24-2021 11:34
    Just a quick follow up if it may help others.
    Since is a normal junos behaviour (loop avoidance) when using vrf.
    There is a kb wich explain this:

  • 3.  RE: OSPF Routing with Fortigate Firewall

    Posted 08-27-2021 05:35
    Oh yeah, this is what is called capability-vrf in other vendors, and it is a go to when having the OSPF process inside VRF in order to accept routes.