Thursday, March 19, 2015

OSPF E2 route filter Fortigate

How to filter OSPF type-E2 routes using a distribution list on FortiGate. Sometimes you need to filter inbound OSPF routes that you receive from an OSPF neighbor.

In this example, I'm receiving the following OSPF routes:



We will filter the last OSPF type-E2 route, 10.212.134.0/24.

Here are the basic steps:

1: First create a prefix-list with a deny action for the prefix(es) that you want to filter

2: Include a last rule that matches any prefix with a permit action

3: Apply the distribution list in the general OSPF configuration

Now here's the config:

config router prefix-list
    edit "dropit"
            config rule
                edit 1
                    set action deny
                    set prefix 10.212.134.0 255.255.255.0
                    unset ge
                    unset le
                next
                edit 2
                    set prefix 0.0.0.0 0.0.0.0
                    unset ge
                    set le 32
                next
            end
    next
end

Ensure you have an any/any clause at the end to permit all other prefixes (rule 2 above: 0.0.0.0/0 with le 32); otherwise everything that does not match an earlier rule is dropped. Insert any new filter rules ahead of it, with the exact match or ge/le criteria as required.
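To see how the rule ordering and the ge/le settings behave, here is an added example (not from the original post or from Fortinet) that models the "dropit" prefix-list above in Python. It assumes first-match evaluation in rule order, an implicit deny when no rule matches, and exact prefix-length matching when ge and le are both unset; the sample routes are constructed, since the post shows its routing table only as a screenshot.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PrefixRule:
    """One 'edit N' entry of a FortiGate-style prefix-list rule."""
    prefix: str                 # network/len, e.g. "10.212.134.0/24"
    action: str = "permit"      # FortiGate default when 'set action' is omitted
    ge: Optional[int] = None    # 'unset ge' -> None
    le: Optional[int] = None    # 'unset le' -> None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        net = ipaddress.ip_network(self.prefix, strict=False)
        if not route.subnet_of(net):          # route must lie inside the rule prefix
            return False
        # Length window: both unset -> exact length only (assumed semantics);
        # ge alone -> ge..32; le alone -> prefixlen..le; both -> ge..le.
        lo = self.ge if self.ge is not None else net.prefixlen
        hi = self.le if self.le is not None else (32 if self.ge is not None else net.prefixlen)
        return lo <= route.prefixlen <= hi


def evaluate(rules: List[PrefixRule], route: str) -> str:
    """First matching rule decides; no match -> implicit deny (assumption)."""
    r = ipaddress.ip_network(route, strict=False)
    for rule in rules:
        if rule.matches(r):
            return rule.action
    return "deny"


def filter_rib(rules: List[PrefixRule], routes: List[str]) -> List[str]:
    """Return only the routes the list would let into the RIB."""
    return [r for r in routes if evaluate(rules, r) == "permit"]


# The 'dropit' list from the post, transcribed rule by rule.
DROPIT = [
    PrefixRule("10.212.134.0/24", action="deny"),
    PrefixRule("0.0.0.0/0", le=32),   # 'set le 32' turns 0.0.0.0/0 into match-any
]

# Constructed sample of received E2 routes (not the post's real table).
SAMPLE_ROUTES = ["10.212.10.0/24", "10.212.134.0/24", "10.212.134.0/25", "192.0.2.0/24"]

if __name__ == "__main__":
    print("kept:", filter_rib(DROPIT, SAMPLE_ROUTES))
    print("without any/any clause:", filter_rib(DROPIT[:1], SAMPLE_ROUTES))
```

Note that the deny rule, with ge and le unset, catches only the exact /24; a more specific 10.212.134.0/25 still passes unless you add le/ge to widen the match.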








Now apply the distribution list in our general OSPF configuration:

config router ospf
    set distribute-list-in "dropit"
end

Keep in mind the OSPF LSA database will always show the LSA for this network regardless of whether it's filtered from the RIB.



A distribution list is not the most ideal way of controlling route propagation; you should always control route dissemination at the source of the routing info, imho.





And here's our OSPF route information after we apply the filtering:


Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  !  ! )=
       o 
      /  \
