Technical Tip : How to use firewall addresses and addresses groups to announce BGP network prefixes
| Description | This article describes how to use firewall addresses and address groups for BGP network prefix announcements. |
| Scope | FortiGate. |
| Solution | From FortiOS v7.6.0, it is possible to configure the firewall addresses and groups when configuring BGP network prefixes.
In this example FGT2 advertising 10.10.10.0/24, 10.10.20.0/24 and 10.10.30.0/24 prefixes to 'FGT1'.
To achieve this needs to enable the allow-routing setting in the firewall address and address group. By default, it is disabled. Enable this setting for all firewall addresses that want to advertise. Here, it is shown only for one firewall address.
FortiGate Firewall Address Group in GUI :
Configure this address group in BGP:
'FGT1' receives all three prefixes announced with the address group 'IP_Address_Group'.
|
