Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kbahrudin_FTNT
Staff
Staff

Created on ‎08-10-2015 02:06 AM

Article Id 191869

Technical Note: How to filter incoming OSPF routes using access-list on IP address

Description
This article provides an example showing how to filter the incoming OSPF routes using access-list on IP address.

Scope
OSPF route filtering.

Solution
config router ospf
set abr-type cisco -> set type as ABR
config distribute-list
edit 1
set access-list "TEST" -> apply access-list
next
end
end

config router access-list
edit "TEST"
config rule
edit 1
set action deny -> set action deny to reject the route
set prefix X.X.X.X N.N.N.N -> set the route to filter
set exact-match enable -> to match exact route
next
end
next
end

This example assumes the route to filter is 10.206.55.0/24.

Before Filter
# get router info ospf database brief

Summary Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#     CkSum Flag Route
10.206.55.0     10.205.240.59   790  8000013c 5426  0012 10.206.55.0/24
10.206.59.0     10.205.240.59   933  8000013c 284e  0012 10.206.59.0/24

After Filter
# get router info ospf database brief

Summary Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#     CkSum Flag Route
10.206.59.0     10.205.240.59   933  8000013c 284e  0012 10.206.59.0/24

15451
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.