akileshc
Staff
September 27, 2024

Technical Tip: Functionality of set passive in BGP Neighbor Groups

Description

This article describes the default behavior and settings of 'set passive' specifically in the BGP neighbor-group.

Scope

FortiGate.

Solution

A BGP neighbor group is a collection of BGP neighbors that share common configurations and policies. It allows settings (such as route maps and policies) to be applied to multiple neighbors simultaneously, which simplifies management.

Neighbor groups are useful for managing multiple neighbors with similar configurations, such as in hub-and-spoke or ADVPN setups, where multiple peers require the same settings.

In passive mode, the local router or firewall does not initiate a BGP connection to the specified neighbor. Instead, it only responds to connection requests from that remote router or neighbor.

This is particularly useful in scenarios where the neighbor should initiate the connection, such as in a hub-and-spoke topology.

config router bgp
    config neighbor-group
        edit <name>
            set passive <enable/disable>    <----- Default value is 'enable'.
        next
    end
end

set passive: Enable/disable sending of open messages to this neighbor.

Note: When BGP passive mode is disabled on the ADVPN hub FortiGate with embedded SLA, SD-WAN health-check events can trigger repeated BGP session resets.
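The following Python check is an added example, not part of the original article or Fortinet's tooling. It reads a FortiGate configuration backup and reports the effective 'passive' value of each BGP neighbor group, treating a group with no 'set passive' line as 'enable', the default stated above. The sample configuration, group names and function name are constructed for illustration.

```python
import shlex

# Constructed sample backup (not from the article). "branches" has no
# 'set passive' line, so it keeps the default the article gives: enable.
SAMPLE_CONFIG = """
config router bgp
    config neighbor
        edit "10.0.0.1"
            set passive disable
        next
    end
    config neighbor-group
        edit "spokes"
            set passive disable
            set remote-as 65000
        next
        edit "branches"
            set remote-as 65000
        next
    end
end
"""

GROUP_PATH = [("config", "router bgp"), ("config", "neighbor-group")]

def neighbor_group_passive(config_text):
    """Map each BGP neighbor-group name to its effective 'passive' value."""
    stack, groups = [], {}          # stack holds the currently open blocks
    for line in config_text.splitlines():
        try:
            words = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote, e.g. a multi-line value
            continue
        if not words:
            continue
        verb, args = words[0], words[1:]
        # True only inside 'edit <group>' under router bgp / neighbor-group
        in_group = stack[-3:-1] == GROUP_PATH and stack[-1][0] == "edit"
        if verb == "config":
            stack.append(("config", " ".join(args)))
        elif verb == "edit" and args:
            stack.append(("edit", args[0]))
            if stack[-3:-1] == GROUP_PATH:
                groups[args[0]] = "enable"      # default per the article
        elif verb in ("next", "end") and stack:
            stack.pop()
        elif verb == "set" and in_group and args[:1] == ["passive"] and len(args) > 1:
            groups[stack[-1][1]] = args[1]
    return groups
```

Groups reported as 'disable' are the ones where the FortiGate itself initiates sessions; on an ADVPN hub these are the entries to review against the note above.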

 

Related article:

Troubleshooting Tip: BGP session flapping in ADVPN hub FortiGate with SD-WAN embedded measured health enabled