Sri_
New Member
February 5, 2026
Question

iBGP routing issue with 3 FortiGate firewalls


I have a simple topology with three FortiGate devices connected in a line. The first device is connected to the middle device through an IPsec tunnel, and the middle device is directly connected to the third device. All three devices are running BGP in the same autonomous system (iBGP).

 

All BGP sessions are established successfully, and the middle device learns routes from both edge devices. However, the edge devices do not learn routes from each other. The routing information reaches the middle device but is not propagated to the opposite side.

What is the correct way to configure this setup?

1 reply

funkylicious
SuperUser
February 5, 2026

by default iBGP routes are not shared between peers.

you would need to make the middle FGT a route-reflector and the ones on the left/right clients.

so, on the middle FGT just do set route-reflector-client enable for the left/right neighbor peers and a clear bgp should do the trick.

L.E. you might also need set next-hop-self enable

"jack of all trades, master of none"
Sri_
Author
New Member
February 5, 2026

I already enabled route-reflector on the middle firewall.
No other changes were made.

After that, the PfxRcd in get router info bgp summary increased from 4 to 9, and I can see all 9 routes with:

get router info bgp neighbor x.x.x.x routes


However, only 4 routes are installed and visible in:

get router info routing-table bgp

funkylicious
SuperUser
February 5, 2026

if you don't have any route-maps or prefix-lists that might block those routes, i would also try setting next-hop-self-rr on the FGT acting as a 'hub'.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-set-next-hop-self-rr-enable/ta-p/411835 

"jack of all trades, master of none"
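
An added example, not posted by either participant and not taken from Fortinet's documentation: where the three settings named in this thread sit in the middle FortiGate's BGP configuration, followed by the checks that compare received routes with installed ones. AS 65000 and the addresses 10.0.12.1 (left edge, over the IPsec tunnel), 10.0.23.3 (right edge, directly connected) and 10.0.12.2 (the middle unit as seen from the left edge) are constructed placeholders.

```fortios
# --- Middle FortiGate (acts as route reflector) ---
# AS number and neighbor addresses are constructed placeholders.
config router bgp
    set as 65000
    config neighbor
        # Left edge, reached over the IPsec tunnel
        edit "10.0.12.1"
            set remote-as 65000
            # Reflect iBGP-learned routes to this peer
            set route-reflector-client enable
            # Advertise this unit as the next hop
            set next-hop-self enable
            # Also rewrite the next hop on reflected routes
            set next-hop-self-rr enable
        next
        # Right edge, directly connected
        edit "10.0.23.3"
            set remote-as 65000
            set route-reflector-client enable
            set next-hop-self enable
            set next-hop-self-rr enable
        next
    end
end

# Reset the sessions so the new policy is applied
execute router clear bgp all

# --- On an edge FortiGate, after the sessions re-establish ---
# Prefixes received per neighbor (the PfxRcd column)
get router info bgp summary
# Routes received from the middle unit
get router info bgp neighbor 10.0.12.2 routes
# BGP table with the next hop of every prefix
get router info bgp network
# Routes actually installed in the routing table
get router info routing-table bgp
```

A prefix that shows up in the neighbor routes output but not in the routing table is worth checking against its next hop: standard BGP does not install a route whose next hop the receiving router cannot resolve, and no route-map or prefix-list is involved in that case.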