sagha
Staff
Article Id 191861
Description
This article describes how to configure OSPF MD5 authentication on OSPF interfaces.

Related link:
https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/469620/router-ospf
Solution
FortiOS v6.0 and below.

1) Use the following commands to enable OSPF MD5 authentication.
# config router ospf
    # config ospf-interface
        edit [Interface Entry Name]
            set interface [Interface]
            set authentication md5
            set md5-key [Key ID] [Key String Value]
        next
    end
end
2) Example: MD5 authentication for port4.
# config router ospf
    # config ospf-interface
        edit "PORT4"
            set interface "port4"
            set authentication md5
            set md5-key 1 fortinet123
        next
    end
end
3) Verification commands.
# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   Full/Backup     00:00:34    10.162.0.100    port4

# get router info ospf interface port4
Port4 is up, line protocol is up
Internet Address 10.162.0.114/20, Area 0.0.0.0, MTU 1500
Process ID 0, VRF 0, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.3, Interface Address 10.162.0.114
Backup Designated Router (ID) 2.2.2.2, Interface Address 10.162.0.100
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 2334819
Hello received 87518 sent 87469, DD received 8 sent 7
LS-Req received 2 sent 2, LS-Upd received 2410 sent 1933
LS-Ack received 1926 sent 2408, Discarded 7
FortiOS v6.2 and above.

1) The key can no longer be configured directly under ‘# config ospf-interface’, because the ‘set md5-key’ option has been removed.

2) Under ‘# config ospf-interface’, edit the interface entry and then enter the nested ‘# config md5-keys’ table to configure the keys.

3) Syntax.
# config router ospf
    # config ospf-interface
        edit [Interface Entry Name]
            set interface [Interface]
            set authentication md5
            # config md5-keys
                edit [Key ID]
                    set key-string [Key String Value]
                next
            end
        next
    end
end
4) Example.
# config router ospf
    # config ospf-interface
        edit "PORT4"
            set interface "port4"
            set authentication md5
            # config md5-keys
                edit 1
                    set key-string fortinet123
                next
            end
        next
    end
end
5) Verification commands.
# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   Full/DR         00:00:34    10.162.0.114    port4

# get router info ospf interface port4
port4 is up, line protocol is up
Internet Address 10.162.0.100/20, Area 0.0.0.0, MTU 1500
Process ID 0, VRF 0, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 3.3.3.3, Interface Address 10.162.0.114
Backup Designated Router (ID) 2.2.2.2, Interface Address 10.162.0.100
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 13694
Hello received 87449 sent 87545, DD received 7 sent 8
LS-Req received 2 sent 2, LS-Upd received 1927 sent 2410
LS-Ack received 2408 sent 1925, Discarded 0
Cryptographic authentication enabled
Sending SA: Key 1
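To check a saved configuration for OSPF interfaces that are missing MD5 authentication or a key, in either of the two syntaxes above, the following added example (not Fortinet code) walks the ‘config ospf-interface’ table and reports on each entry. The function name, the PORT5 to PORT7 entries and the finding strings are assumptions made for illustration, and the sample configuration is constructed in the layout this article uses.

```python
# Constructed sample: PORT4 uses the v6.2+ syntax, PORT5 the v6.0 syntax,
# PORT6 enables md5 without a key, PORT7 sets no authentication at all.
SAMPLE_CONFIG = """
config router ospf
    config ospf-interface
        edit "PORT4"
            set authentication md5
            config md5-keys
                edit 1
                    set key-string fortinet123
                next
            end
        next
        edit "PORT5"
            set authentication md5
            set md5-key 1 fortinet123
        next
        edit "PORT6"
            set authentication md5
        next
        edit "PORT7"
            set interface "port7"
        next
    end
end
"""

def audit_ospf_interfaces(config_text):
    findings, name, auth, keys = {}, None, "unset", 0
    in_table, depth = False, 0            # depth counts tables nested below ospf-interface
    for raw in config_text.splitlines():
        w = raw.strip().lstrip("# ").split() or [""]   # tolerate the article's "# " prompt
        if not in_table:
            in_table = w[:2] == ["config", "ospf-interface"]
        elif w[0] == "config":            # nested table such as md5-keys
            depth += 1
        elif w[0] == "end":               # closes md5-keys, or the ospf-interface table itself
            in_table, depth = depth > 0, max(depth - 1, 0)
        elif w[0] == "edit" and depth == 0:            # start of a new interface entry
            name, auth, keys = w[1].strip('"'), "unset", 0
        elif w[0] == "set" and len(w) > 2 and w[1] == "authentication":
            auth = w[2]
        elif w[0] == "set" and len(w) > 2 and w[1] in ("md5-key", "key-string"):
            keys += 1                     # v6.0 'set md5-key' or v6.2+ 'set key-string'
        elif w[0] == "next" and depth == 0 and name:   # interface entry complete
            status = "ok" if keys else "md5 set, no key"
            findings[name] = status if auth == "md5" else "authentication " + auth
    return findings

print(audit_ospf_interfaces(SAMPLE_CONFIG))
```

The check only confirms that a key is present on each entry; it does not compare key IDs or key strings between neighbors.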
