Created on 06-23-2009 07:41 AM Edited on 02-05-2024 12:42 AM By Jean-Philippe_P
Description
- Advertise in RIP only a default route on interface DMZ1.
- Drop all RIP advertisements received on interface DMZ1.
Scope
FortiGate or VDOM running in NAT mode.
Solution
Notes
- Rules are parsed from the lowest to the highest rule ID, not by their position in the list (i.e. if rule ID 100 is at the top of the list and rule ID 5 at the bottom, rule ID 5 is evaluated first).
- A prefix-list follows 'stop on match' logic: once a rule matches (as defined by prefix/ge/le), its action is applied and no further rules are inspected.
- There is an implicit deny rule at the end of the rule list.
- Keywords 'ge' and 'le' may be used to define a pattern using the prefix as a boundary.
- Keyword 'any' as prefix (#1) may be used as a "match all" filter.
- To match a default route only, a prefix-list must be used; an access-list cannot be used to match a default route.
Step 1: Configure the appropriate prefix-list.
# config router prefix-list
    edit "default_only"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
    edit "drop_all"
        config rule
            edit 1
                set action deny
                set prefix any    (#1)
                unset ge
                unset le
            next
        end
    next
end
Step 2: Configure RIP to use those prefix-lists.
# config router rip
    set default-information-originate enable
    config distribute-list
        edit 1
            set interface "dmz1"
            set listname "default_only"
            set status enable
        next
        edit 2
            set direction in    <----- The default is "direction out", as used in the list above.
            set interface "dmz1"
            set listname "drop_all"
            set status enable
        next
    end
end
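To check that the two prefix-lists above really do what the Notes describe (rule-ID ordering, stop on match, implicit deny, 'any', ge/le), here is an added Python model of that matching logic; it is illustration code written for this note, not FortiOS code, and it assumes ge/le bound the route's mask length the way standard prefix-lists do.

```python
import ipaddress

# Constructed model of the prefix-list matching described in the Notes:
# lowest rule ID first, stop on match, implicit deny, 'any', ge/le.
# Hypothetical helper for illustration, not FortiOS code. Rule dicts mirror
# the CLI fields; 'prefix' takes the CLI "address netmask" form or 'any'.

def rule_matches(rule, route):
    """True if route (an IPv4Network) matches one prefix-list rule."""
    ge, le = rule.get("ge"), rule.get("le")
    if rule["prefix"] == "any":
        base_len, inside = 0, True              # 'any' covers every prefix
    else:
        listed = ipaddress.ip_network(rule["prefix"].replace(" ", "/"), strict=False)
        base_len, inside = listed.prefixlen, route.subnet_of(listed)
    if not inside:
        return False
    if ge is None and le is None:               # no ge/le: exact length match
        return rule["prefix"] == "any" or route.prefixlen == base_len
    lo = ge if ge is not None else base_len     # ge/le bound the mask length
    hi = le if le is not None else 32
    return lo <= route.prefixlen <= hi

def evaluate(rules, route_str):
    """Walk rules by ascending rule ID, stop on first match, implicit deny."""
    route = ipaddress.ip_network(route_str, strict=False)
    for rule_id in sorted(rules):               # ID order, not list order
        if rule_matches(rules[rule_id], route):
            return rules[rule_id].get("action", "permit")  # default action is permit
    return "deny"                               # implicit deny at the end

# The two prefix-lists from Step 1, keyed by rule ID
DEFAULT_ONLY = {1: {"prefix": "0.0.0.0 0.0.0.0"},
                2: {"action": "deny", "prefix": "any"}}
DROP_ALL = {1: {"action": "deny", "prefix": "any"}}

# Constructed list showing ID ordering: ID 100 listed first, ID 5 still wins
OUT_OF_ORDER = {100: {"action": "deny", "prefix": "any"},
                5: {"prefix": "0.0.0.0 0.0.0.0"}}

if __name__ == "__main__":
    for name, rules in [("default_only", DEFAULT_ONLY), ("drop_all", DROP_ALL)]:
        for r in ["0.0.0.0/0", "10.0.0.0/8", "192.168.1.0/24"]:
            print(f"{name}: {r} -> {evaluate(rules, r)}")
```

Running it shows "default_only" permitting only 0.0.0.0/0 and "drop_all" denying everything, which is the outbound and inbound behaviour the distribute-list entries rely on.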
Related Articles
Technical Note: How to enable RIP on FortiGate interfaces
How to advertise an Aggregate Route in RIP on a FortiGate
Technical Note: Advertising only a Default Route in RIP with prefix-list and distribute-list
Copyright 2024 Fortinet, Inc. All Rights Reserved.