jeroenh
New Contributor

OSPF distribute-list-in default route only

Hi,

I'm running an HA cluster of 2x FGT-300D. The cluster is talking OSPF towards 2 Nexus 5000 devices.

Once I apply an access-list/prefix-list via distribute-list-in to only install the default route on the cluster, all remote communication is impossible... Through debugging I still see traffic (ICMP/HTTPS) entering the FortiGate cluster.

Once I remove the distribute-list-in statement, traffic restores (as more routes enter the routing table). All other (more specific) routes are pointing towards the same 2 Nexus 5000 devices. The default routes are also pointing to these 2 Nexus devices.

 

I was checking RPF documentation which states that anti-spoofing kicks in once there is no locally attached subnet or any other route. But having only a default route shouldn't trigger anti-spoofing, right?

Any clue?

 

Regards,

Jeroen

Cluster is 2x 300D active/passive

5.2.4 build 688
