ck888
New Member
August 4, 2021
Question

How to strip/hide all BGP AS-path, leaving only the FGT AS itself, similar to the PAN remove AS-path function


Hi All,

May I know if there is any possibility of stripping/hiding all of the BGP AS-path so that only the FGT AS itself is left, similar to the PAN remove AS-path function?

For example, the FGT BGP AS path:

    AS 64525 (R1) <-> AS 64999 (FGT) <-> AS 64888 (R3)

R3 may include other ASes like 200, 300.

Current problem: R1 sees a lot of AS path entries.

    Router1 # get router info bgp nei x.x.x.x received-route
    Network Next Hop Metric LocPrf Weight RouteTag Path
    *> 10.22.22.0/24 10.90.1.2 0 0 64999 64888 200 300? <-/->

Target to achieve: leave only the FGT AS itself / hide the other AS path entries in the BGP table.

    Router1 # get router info bgp nei x.x.x.x received-route
    Network Next Hop Metric LocPrf Weight RouteTag Path
    *> 10.22.22.0/24 10.90.1.2 0 0 64999 ? <-/->

Is it possible for the FGT to achieve this? If anyone has an idea, please assist.

    Toshi_Esumi
    SuperUser
    August 4, 2021

    I haven't done it myself but found the below with a simple Internet (Google) search.

    https://kb.fortinet.com/k....do?externalID=FD49233

    ck888
    Author
    New Member
    August 5, 2021

    Hi Toshi Esumi,

    Finally someone responded to the topic.

    Thanks for the reply and the information with the link.

    Unfortunately, the link doesn't include how to strip/hide the AS-path, including private and public. My case is similar to scenario 2. I'm wondering whether there is any way to achieve it on a FortiGate firewall, or whether it's a FortiGate feature limitation. On PAN or Cisco, they are able to completely hide/strip the AS-path, including private and public.

    If any of you or a Fortinet employee knows whether there is another way to achieve it, or whether it is an FGT feature limitation, please share it. I appreciate it.

    emnoc
    New Member
    August 5, 2021

    Why would you strip a public AS from an AS_path string? I don't think I've ever heard of anybody removing a public-as_path and replacing it; we typically drop the prefix from that path or de-preference it to a ridiculous value like 1 or 10 if you have other BGP routes for that same destination.

    As far as removing private-as, you should be able to do that per neighbor statement. That KB seems to be incorrect, and the 1st example does have a mix of public-private ASNs.

    I would test it for sure and grab the received prefixes after applying.

    ken Felix
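
One way to script the check suggested in the last reply (grab the received prefixes after applying the change and see which ASNs besides the FGT's are still in the path). This is an added example, not code from the thread or from Fortinet. The function names and the `attr_cols` parameter are hypothetical, and the parser assumes the column layout of the outputs quoted in the question (two numeric attribute columns between the next hop and the AS path).

```python
import re

# Private-use ASN ranges per RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

# Best-path line: "*> <prefix> <next hop> <attributes and AS path ...>"
ROUTE_RE = re.compile(r"^\*>?\s+(\S+/\d+)\s+(\S+)\s+(.*)$")

def parse_route(line, attr_cols=2):
    """Return (prefix, as_path) for one received-route line, else None.

    Assumption: attr_cols numeric attribute columns precede the AS path,
    as in the sample quoted in the question.
    """
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None  # prompt, header or blank line
    prefix, _next_hop, rest = m.groups()
    # The origin code (i, e, ?) may be glued to the last ASN ("300?"),
    # so collect digit runs instead of splitting on whitespace.
    numbers = re.findall(r"\d+", rest.replace("<-/->", ""))
    return prefix, [int(n) for n in numbers[attr_cols:]]

def audit(output, fgt_as, attr_cols=2):
    """Map each prefix to the ASNs left in its path besides fgt_as."""
    report = {}
    for line in output.splitlines():
        parsed = parse_route(line, attr_cols)
        if parsed:
            prefix, path = parsed
            report[prefix] = [
                (asn, "private" if is_private(asn) else "public")
                for asn in path if asn != fgt_as
            ]
    return report

# Sample input: the two outputs quoted in the question.
BEFORE = """Router1 # get router info bgp nei x.x.x.x received-route
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.22.22.0/24 10.90.1.2 0 0 64999 64888 200 300? <-/->"""
AFTER = "*> 10.22.22.0/24 10.90.1.2 0 0 64999 ? <-/->"

if __name__ == "__main__":
    print("before:", audit(BEFORE, 64999))
    print("after: ", audit(AFTER, 64999))
```

An empty list for a prefix means only the FGT AS remains in the path as seen from R1; any `public` entries are ASNs that a private-AS removal setting would not be expected to strip.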