By Manny Fernandez

October 5, 2021

Quick Tip – When your FortiGate is stuck in ExStart when using OSPF

I wrote an article a while back regarding OSPF.  Here is a quick tip I ran into today and wanted to share with the world that was not in the original article.  When an OSPF adjacency is formed, a FortiGate goes through several state changes before it becomes fully adjacent with its neighbor. Those states are defined in RFC 2328 section 10.1.

Down, Attempt, Init, 2-Way, Exstart, Exchange, Loading, and Full

Until you do not see full between your neighbors, your OSPF is NOT operational.  You can see this by entering the following command on the CLI of the FortiGate

get router info ospf neighbor

In my case, the customer was running OSPF across a VPN.

I have run into this in the past.  The issue is usually caused by MTU size.  Here is the fix:

You will need to enter into the OSPF configuration

config router ospf

Once there, you will need to configure the ospf-interface

config ospf-interface

Once there, you can edit the ospf interface you want to modify.  In my case, it was AWS-to-CG-03

edit AWS-to-CG-03
set mtu-ignore en
end

Now you should see the status of Full

 

Hope this helps

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story