To set the networks in the AS – CLI
config router bgp
    config network
        edit 1
            set prefix 10.11.101.0 255.255.255.0
        next
    end
end
Add BGP neighbor information
The configuration will not work unless you set Remote AS neighbors. This can be done in either the web-based manager or the CLI.
To configure the BGP neighbors – web-based manager
1. Go to Router > Dynamic > BGP.
2. Add a Neighbors IP of 172.21.111.4 with the Remote AS set to 650001, then click Add/Edit.
3. Add another Neighbors IP of 172.22.222.4 with the Remote AS set to 650002, then click Add/Edit.
To configure the BGP neighbors – CLI
config router bgp
    set as 1
    config neighbor
        edit "172.21.111.4"
            set remote-as 650001
        next
        edit "172.22.222.4"
            set remote-as 650002
        next
    end
end
Additional FortiGate BGP configuration
At this point, all of the settings that can be configured in both the web-based manager and the CLI are complete. The remaining configuration must be completed in the CLI.
These additional settings are mainly determined by your ISP's requirements. They determine your timers, such as keepalive timers, whether extended features like BFD and graceful restart are used, and so on. For this example, some common simple features are used to promote faster detection of network failures, which will result in better service for the Company’s internal network users.
The ISPs do not require authentication between peer routers.
These commands will enable or modify the following features on the FortiGate unit, and where possible on neighboring routers as well:
- bestpath-med-missing-as-worst — treats a route without an MED as the worst possible available route due to expected unreliability
- fast-external-failover — immediately reset the session information associated with BGP external peers if the link used to reach them goes down
- graceful-restart* — advertise reboots to neighbors so they do not see the router as offline, set how long to wait before declaring them offline, and set how long to wait after they reboot before advertising updates. These commands apply to neighbors and are part of the BGP capabilities. This prevents unneeded routing updates.
- holdtime-timer — how long the router will wait for a keepalive message before declaring a router offline. A shorter time will find an offline router faster.
- keepalive-timer — how often the router sends out keepalive messages to neighbor routers to maintain those sessions.
- log-neighbor-changes — log changes to neighbor routers’ status. This can be useful for troubleshooting from both internal and external networks.
- connect-timer — how long in seconds the FortiGate unit will try to reach this neighbor before declaring it offline.
- weight — used to prefer routes from one neighbor over the other. In this example ISP1 is the primary connection, so it is weighted higher than ISP2.
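Because the ISPs in this example do not require authentication, it is useful to confirm which neighbors actually peer without it. The following is an added example, not part of the original page or Fortinet's own code: it parses a `config router bgp` block and reports neighbors that have no `password` (TCP MD5 authentication) and no inbound route filter. The sample configuration is constructed, and the password and route-map on the first neighbor are hypothetical.

```python
import shlex
# Constructed sample: this page's two neighbors; password and route-map are hypothetical.
SAMPLE = """
config router bgp
    config neighbor
        edit "172.21.111.4"
            set remote-as 650001
            set password "example-only"
            set route-map-in "only_default_route"
        next
        edit "172.22.222.4"
            set remote-as 650002
        next
    end
end
"""
INBOUND = ("route-map-in", "prefix-list-in", "filter-list-in", "distribute-list-in")

def parse_neighbors(text):
    """Return {neighbor: {option: value}} for the neighbors under 'config router bgp'."""
    text = text.replace("\u201c", '"').replace("\u201d", '"')  # pasted smart quotes
    neighbors, stack, current = {}, [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]).lower())   # track nesting depth
        elif tok[0] == "end":
            del stack[-1:]                            # safe even if stack is empty
            current = None if len(stack) < 2 else current
        elif stack == ["router bgp", "neighbor"]:     # only the neighbor table itself
            if tok[0] == "edit" and len(tok) > 1:
                current = neighbors.setdefault(tok[1], {})
            elif tok[0] == "set" and current is not None and len(tok) > 2:
                current[tok[1]] = " ".join(tok[2:])
    return neighbors

def audit(text):
    """Return sorted (neighbor, finding) pairs for unauthenticated or unfiltered peers."""
    findings = []
    for ip, opts in parse_neighbors(text).items():
        if "password" not in opts:
            findings.append((ip, "no TCP MD5 password"))
        if not any(key in opts for key in INBOUND):
            findings.append((ip, "no inbound route filter"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```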
Hi Mike,
If I configure the following on fortigate1:
config router bgp
set as 65000
set router-id 10.2.2.254
config neighbor
edit "10.2.2.253"
set next-hop-self enable
set remote-as 65000
set send-community6 disable
next
config redistribute "static"
set status enable
end
fortigate2 should get the default route 0.0.0.0 0.0.0.0 from fortigate1, as it is static?
How can I redistribute the default route (fortigate1) to fortigate2?
thanks
regards
There is a really good KB article that explains how to do this. You can find it here
If you want to redistribute static routes you would enable the following
config router bgp
config redistribute static
set status enable
end
end
An example of the config would be like this
config router prefix-list
edit "only_dflt"
config rule
edit 1
set prefix 0.0.0.0 0.0.0.0
unset ge
unset le
next
end
next
end
config router route-map
edit "only_default_route"
config rule
edit 1
set match-ip-address "only_dflt"
next
end
next
end
config router bgp
set as 2
config neighbor
edit 10.142.0.110
set remote-as 1
set route-map-in "only_default_route"
next
end
set router-id 10.142.0.205
end
Let me know if this helped answer your question!
Thanks!
Hi,
thanks for the link and example, got it working!
Regards
Awesome to hear Piccolo!
config router bgp
set as 65041
set router-id 162.53.156.138
config neighbor
edit "10.104.55.1"
set ebgp-enforce-multihop enable
set soft-reconfiguration enable
set remote-as 64699
set send-community6 disable
next
edit "10.104.55.2"
set ebgp-enforce-multihop enable
set soft-reconfiguration enable
set remote-as 64699
set send-community6 disable
next
I am trying to accomplish the above, but I can see only one neighbour is established and the other is in ACTIVE state…
So you see both neighbors but only one is active?