The issue described is a classic OSPF path selection behavior dictated by the version of the OSPF standard the device is following.

RFC 1583 vs. RFC 2328:

RFC 1583: This older standard does not distinguish between intra-area and inter-area paths when calculating the cost to an ASBR (Autonomous System Boundary Router) or an external route.

RFC 2328: This newer standard (which is the default behavior in FortiOS 7.6) introduces a preference for intra-area paths over inter-area paths to an ASBR. This is designed to prevent routing loops that could occur in specific complex topologies.

Analysis of the Exhibits:

FortiGate_A (HQ): Its routing table (image_bd08a0.jpg) shows two equal-cost paths (O E2) to the external destination 100.75.5.1/32, one via ISP1 (10.0.1.1) and one via ISP2 (10.0.11.1).

FortiGate_B (Branch): Its routing table (image_bd08a4.jpg) only shows a single path via FortiGate_A (10.0.2.1).

Topology: FortiGate_A acts as the ABR/ASBR. In this specific scenario (taken from the Enterprise Firewall Study Guide), one of the paths advertised by FortiGate_A reaches FortiGate_B as an inter-area path while the other is seen as an intra-area path.

Why only one route?

By default, rfc-1583-compatible is disabled on FortiGate. Therefore, it follows RFC 2328 logic.

Because RFC 2328 strictly prefers the intra-area path to the ASBR over the inter-area path, FortiGate_B discards the inter-area path and only installs the intra-area one in its routing table.

To allow FortiGate_B to use both paths (ECMP) for the external route, the administrator must enable RFC 1583 compatibility using the following CLI command:

config router ospf

set rfc1583-compatible enable

end

Once enabled, the FortiGate will stop preferring path types and will instead use the cost to determine the best path (or paths), allowing both routes to appear if the costs are equal.