Skip to main content
ezhupa
Staff
ezhupa
Staff
September 12, 2025

Technical Tip: Graceful restart feature not supported with BGP neighbor-group and neighbor-range commands

  • September 12, 2025
  • 1 reply
  • 1130 views
Description This article describes issues with the Graceful Restart feature when used with BGP neighbor groups and neighbor-range commands.
Scope FortiGate, FortiOS.
Solution

When multiple BGP neighbors must be configured, administrators may streamline the process by creating BGP neighbor groups and neighbor-range commands.

 

As an example:

 

config router bgp
    set as Y.Y.Y.Y
    set router-id z.z.z.z
    set holdtime-timer 60
    set ebgp-multipath enable
    set ibgp-multipath enable
    set additional-path enable
    set graceful-restart enable
    next
end


config neighbor-group
    edit "test_1"
        set capability-graceful-restart enable
        set link-down-failover enable
        set next-hop-self enable
        set soft-reconfiguration enable
        set remote-as X.X.X.X
    next
end


config neighbor-range
    edit 1
        set prefix 192.10.10.0 255.255.255.0
        set neighbor-group "test_1"
    next
end

 

Administrators typically also enable the Graceful Restart feature to prevent network disruptions and packet loss during an HA failover or when the primary FortiGate in an HA cluster is rebooted.

 

When using a BGP neighbor-group is used, packet loss may occur during failover testing.
Reverting the configuration to manually configured neighbors eliminates the packet loss, indicating a potential issue with Graceful Restart when using BGP neighbor-group and neighbor-range commands.

 

Conclusion:

Since neighbor-groups are passive and cannot trigger a re-connection, it is expected that neighbor-groups defined with neighbor-range cannot perform Graceful Restart when it is the side that initiates a restart.


BGP graceful restart against dynamic BGP peers during a HA failover is not supported at this time in FortiOS.

 

To prevent packet loss using BGP neighbor-groups on SD-WAN Hubs, each spoke must activate the route-stale option on BGP neighborship with each Hub:

 

config router bgp

    config neighbor

        edit Y.Y.Y.Y

            set stale-route enable

        next

end

 

Instead, in order to benefit fully from the Grace Restart feature, BGP configuration would need to be modified to manually configure neighbors instead of neighbor-groups defined with neighbor-range.

 

Note:
To troubleshoot BGP message exchange, the following debug can be run on the FortiGate:

 

diagnose ip router bgp all enable

diagnose ip router bgp level info

diagnose debug enable

 

To disable:

 

diagnose ip router bgp all disable

diagnose debug disable

 

To check Graceful Restart capabilities and packet exchange differences between the BGP peers, the following sniffer can be run, or a packet capture can be run in the GUI under the Diagnostics page.

diagnose sniffer packet any 'port 179' 6 0 l

 

CTRL+C to stop.

Related articles:

Technical Tip: Configuring FortiGate HA and BGP graceful-restart to avoid traffic interruption during an HA failover 
Technical Tip: Understanding Graceful restart and non-stop forwarding for BGP in FortiGate HA 
Technical Tip: Understanding Graceful restart and non-stop forwarding for OSPF in FortiGate HA 

    1 reply

    vladimirtegeltija
    vladimirtegeltija
    Visitor III
    June 1, 2026

    Hello,

     

    Any news about this topic?

    We were informed by our Fortinet representatives that this feature should be available since Forti OS 7.6.3.

    But when testing with Forti OS 7.6.6, it was same behavior, no graceful restart support for dynamic neighbors.

    We have outage and session purge whenever we do a failover.

     

    Can you check/confirm is this still the case?

    If feature is available, please update article how to do this, is it automatic, do we have some new commands introduced etc?

     

    Thank you

    Terms & ConditionsAccessibility statement