By Manny Fernandez

October 5, 2021

Quick Tip – When your FortiGate is stuck in ExStart when using OSPF

I wrote an article a while back regarding OSPF. Here is a quick tip that was not in the original article; I ran into it today and wanted to share it with the world. When an OSPF adjacency is formed, a FortiGate goes through several state changes before it becomes fully adjacent with its neighbor. Those states are defined in RFC 2328 section 10.1.

Down, Attempt, Init, 2-Way, ExStart, Exchange, Loading, and Full

Until you see Full between your neighbors, your OSPF is NOT operational. You can check this by entering the following command on the CLI of the FortiGate:

get router info ospf neighbor

In my case, the customer was running OSPF across a VPN.

I have run into this in the past.  The issue is usually caused by MTU size.  Here is the fix:

You will need to enter into the OSPF configuration

config router ospf

Once there, you will need to configure the ospf-interface

config ospf-interface

Once there, you can edit the ospf interface you want to modify.  In my case, it was AWS-to-CG-03

edit AWS-to-CG-03
set mtu-ignore enable
end
end

Now you should see the status of Full.
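To run the same check across many neighbors, here is an added example (not from the original post) that parses `get router info ospf neighbor` output and flags neighbors sitting in ExStart or Exchange, where the MTU on both ends is the first thing to compare. The sample output is constructed and its column layout is an assumption; the function names are hypothetical.

```python
import re

# Constructed sample output; the column layout is an assumption, so adjust
# ROW if your FortiOS build prints `get router info ospf neighbor` differently.
SAMPLE = """\
OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.255.0.1        1   Full/ -         00:00:35    169.254.10.1    AWS-to-CG-01
10.255.0.3        1   ExStart/ -      00:00:31    169.254.10.9    AWS-to-CG-03
10.20.0.4         1   2-Way/DROther   00:00:39    10.20.0.4       port3
10.20.0.7         1   Init/DROther    00:00:33    10.20.0.7       port3
"""

# neighbor-id, priority, state/role, dead time, neighbor address, interface
ROW = re.compile(
    r"^(\d+(?:\.\d+){3})\s+(\d+)\s+([\w-]+)/\s*(\S+)\s+(\S+)\s+"
    r"(\d+(?:\.\d+){3})\s+(\S+)$"
)
FIELDS = ("neighbor_id", "priority", "state", "role", "dead_time",
          "address", "interface")

def parse_neighbors(text):
    """Return one dict per neighbor row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(dict(zip(FIELDS, match.groups())))
    return rows

def assess(neighbor):
    """Classify one neighbor by its adjacency state."""
    state, role = neighbor["state"].lower(), neighbor["role"].lower()
    if state == "full":
        return "ok"
    if state == "2-way" and role == "drother":
        # Two DROthers on a broadcast segment never go past 2-Way by design.
        return "ok"
    if state in ("exstart", "exchange"):
        # Database exchange is not completing: compare MTU on both ends.
        return "check-mtu"
    return "not-adjacent"

def report(text):
    """Return (neighbor_id, interface, verdict) for every parsed neighbor."""
    return [(n["neighbor_id"], n["interface"], assess(n))
            for n in parse_neighbors(text)]
```

Call `report()` on the captured CLI output; any row marked `check-mtu` is a candidate for the `mtu-ignore` change above or for aligning the interface MTU on both peers.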

 

Hope this helps
