OSPF Basics

OSPF (Open Shortest Path First) is a dynamic routing protocol used inside an organization (between routers you own). Instead of you manually maintaining static routes between sites, OSPF lets routers automatically share what networks they can reach.

You'd run OSPF when you have 3+ routers with multiple paths between them — too many for static routes to scale. Small two-router setups are usually fine with static.

Concepts (Quick)

• Area — a logical grouping of routers. Most small deployments use only Area 0 (the backbone).
• Router ID — unique per router, written as an IPv4 (often the loopback IP, e.g. 1.1.1.1).
• Network type — broadcast (typical Ethernet), point-to-point (typical for tunnels).
• Hello / Dead intervals — keepalive timers. Default 10s hello / 40s dead.

Before You Start

• You're peering with another OSPF speaker — and you know its router ID and the network they expect to peer on.
• The interfaces between you are up and you can ping the neighbor.

Steps

1. Network → OSPF (may need to enable the menu via System → Feature Visibility → OSPF).
2. OSPF Settings:
   • Router ID — e.g. 1.1.1.1. Must be unique in the OSPF domain.
3. Areas → + Create New:
   • Area — 0.0.0.0 (the backbone).
   • Type — Regular.
4. Networks → + Create New:
   • IP/Netmask — the subnet on the interface that should run OSPF, e.g. 10.0.0.0/30.
   • Area — 0.0.0.0.
5. Interfaces → + Create New:
   • Name — e.g. Eth-OSPF1.
   • Interface — pick the FortiGate interface to run OSPF on.
   • Network Type — Broadcast (for normal Ethernet) or Point-to-Point (for tunnels).
   • Hello Interval — 10 (default).
   • Dead Interval — 40 (default).
   • Authentication — None for testing, MD5 for production (must match neighbor).
6. Click Apply.

CLI Equivalent

config router ospf
    set router-id 1.1.1.1
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 10.0.0.0 255.255.255.252
            set area 0.0.0.0
        next
    end
    config interface
        edit "Eth-OSPF1"
            set interface "port3"
            set network-type broadcast
            set hello-interval 10
            set dead-interval 40
        next
    end
end

Verify

# OSPF neighbor state — should reach "Full":
get router info ospf neighbor

# OSPF-learned routes in the routing table:
get router info routing-table ospf

# OSPF database (link-state):
get router info ospf database

Neighbor states progress: Down → Init → 2-Way → ExStart → Exchange → Loading → Full. If stuck at Init or 2-Way, authentication or area mismatch.

Common Issues

• Neighbors never form. Most common: area mismatch (both sides must be in the same area for the interface), Hello/Dead intervals mismatched, network types incompatible (broadcast vs point-to-point), or authentication wrong.
• Neighbor "Full" but no routes learned. OSPF is exchanging but no networks advertised. Add more network statements covering the subnets you want to share.
• Wrong route preferred. Multiple OSPF paths exist with different costs. Adjust interface cost: set cost 50 on a less-preferred path.
• Asymmetric routing. Other side learned routes via different path. Verify both sides see all relevant routes.

Related Pages

• Add a Static Route
• BGP Basics
• IPsec Site-to-Site VPN (often used over OSPF)