Fortinet FortiGate-800 manual: Adding RIP filters, Adding a RIP filter list

Models: FortiGate-800


RIP configuration

Adding RIP filters

Use the Filter page to create RIP filter lists and assign RIP filter lists to the neighbors filter, incoming route filter, or outgoing route filter. The neighbors filter allows or denies updates from other routers. The incoming filter accepts or rejects routes in an incoming RIP update packet. The outgoing filter allows or denies adding routes to outgoing RIP update packets.

Each entry in a RIP filter list consists of a prefix (IP address and netmask), the action RIP should take for this prefix (allow or deny), and the interface to which to apply this RIP filter list entry. When RIP applies a filter while processing an update packet, it starts at the top of the filter list and works down through the list looking for a matching prefix. If RIP finds a matching prefix, it then checks that the interface in the filter list entry matches the interface that the packet is received or sent on. If both prefix and interface match, RIP takes the action specified. If no match is found, the default action is allow.

For the neighbors filter, RIP attempts to match prefixes in the filter list against the source address in the update packet.

For the incoming filter, RIP attempts to match prefixes in the filter list against prefixes in the routing table entries in the update packet.

For the outgoing filter, RIP attempts to match prefixes in the filter list against prefixes in the RIP routing table.

You can add up to four RIP filter lists to the FortiGate RIP configuration. You can then select one RIP filter list for each RIP filter type: neighbors, incoming routes, outgoing routes. If you do not select a RIP filter list for any of the RIP filter types, no filtering is applied.

Note: To block all updates not specifically allowed in a filter list, create an entry at the bottom of the filter list with a prefix with 0.0.0.0 for the IP address, 0.0.0.0 for the netmask, and action set to deny. Because RIP uses the first match it finds in a top down search of the filter list, all the allowed entries are matched first, and all other entries for the specified interface are matched by the last entry and denied. Create a separate entry at the bottom of the filter list for each interface for which you want to deny all updates not specifically allowed.
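The first-match evaluation and the per-interface catch-all deny described above can be modelled as follows. This is an added example, not FortiGate code: the filter entries, the interface names "internal" and "external", and both function names are constructed for illustration. It assumes that a prefix "matches" when the candidate lies inside the entry's prefix, and that an entry whose interface does not match is skipped so the search continues down the list.

```python
from ipaddress import ip_network

# Constructed filter list: (IP address, netmask, action, interface), top entry first.
FILTER_LIST = [
    ("192.168.10.0", "255.255.255.0", "allow", "internal"),
    ("10.1.0.0",     "255.255.0.0",   "allow", "external"),
    ("10.1.99.0",    "255.255.255.0", "deny",  "external"),  # never reached, see below
    ("0.0.0.0",      "0.0.0.0",       "deny",  "external"),  # catch-all for external only
]

def evaluate(filter_list, candidate, interface):
    """Return (action, index of the matching entry or None).

    candidate is "address/netmask": a route prefix for the incoming and
    outgoing filters, or "source/255.255.255.255" for the neighbors filter.
    """
    cand = ip_network(candidate, strict=False)
    for i, (addr, mask, action, iface) in enumerate(filter_list):
        entry = ip_network(f"{addr}/{mask}")
        # Assumption: match = candidate inside entry prefix AND same interface.
        if cand.subnet_of(entry) and iface == interface:
            return action, i          # first match wins
    return "allow", None              # no match: default action is allow

def shadowed_entries(filter_list):
    """Indices of entries that can never match because an earlier entry
    on the same interface already covers their whole prefix."""
    nets = [(ip_network(f"{a}/{m}"), iface) for a, m, _, iface in filter_list]
    return [
        i for i, (net, iface) in enumerate(nets)
        if any(piface == iface and net.subnet_of(pnet) for pnet, piface in nets[:i])
    ]

if __name__ == "__main__":
    for cand, iface in [
        ("10.1.99.0/255.255.255.0", "external"),   # allowed by entry 1, deny at 2 is shadowed
        ("172.16.0.0/255.255.0.0", "external"),    # hits the catch-all deny
        ("172.16.0.0/255.255.0.0", "internal"),    # no catch-all on internal: default allow
    ]:
        print(cand, iface, evaluate(FILTER_LIST, cand, iface))
    print("shadowed entries:", shadowed_entries(FILTER_LIST))
```

The last sample case shows why the note calls for a separate catch-all entry per interface: the deny entry for "external" does nothing for updates on "internal", which fall through to the default allow.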

This section describes:

Adding a RIP filter list

Assigning a RIP filter list to the neighbors filter

Assigning a RIP filter list to the incoming filter

Assigning a RIP filter list to the outgoing filter

Adding a RIP filter list

Each entry in a RIP filter list consists of a prefix (IP address and netmask), the action RIP should take for this prefix (allow or deny), and the interface to which to apply this RIP filter list entry.

To add a RIP filter list

1 Go to System > RIP > Filter.

2 Select New to add a RIP filter.

FortiGate-800 Installation and Configuration Guide
