This article looks at the effect of the BGP synchronization rule on learning BGP routes from a BGP peer. The rule states that until a route is present in the IGP table, the FortiGate will not advertise the BGP route to the BGP peer, nor will it install the BGP route received from the peer into the routing table. By default, synchronization is disabled.
config router bgp
    set as 12849
    set router-id 188.8.131.52
    set synchronization enable
    config neighbor
        edit "184.108.40.206"
            set remote-as 12849
        next
    end
end
Verification of configuration and troubleshooting
FGT # get router info bgp summary
BGP router identifier 220.127.116.11, local AS number 12849
BGP table version is 5
1 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
18.104.22.168   4      12849    5075    2337        4    0    0 00:06:24        1

Total number of neighbors 1
FGT # get router info bgp neighbor 22.214.171.124 received-routes
BGP table version is 13, local router ID is 126.96.36.199
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0/0        188.8.131.52                  100      0 i
The default route 0.0.0.0/0 is being received from the peer. This route was not previously present in the routing table, and it is not in the IGP table.
FGT# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info
The received route is not present in the routing table.
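
The comparison made above between the received-routes output and the routing table can be automated offline from saved CLI output. The following is an added example, not part of the original article or of any Fortinet tooling; the sample text is constructed, and treating route codes R, O and i as the IGP table and requiring an exact prefix match are assumptions.

```python
import ipaddress
import re

PREFIX = r"(\d+\.\d+\.\d+\.\d+/\d+)"
# Assumption: first letter of the route code for RIP, OSPF and IS-IS,
# taken from the "Codes:" legend of the routing-table output.
IGP_CODES = {"R", "O", "i"}

# Constructed sample output (documentation addresses, not from the article).
RECEIVED = """\
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0/0        192.0.2.1                     100      0 i
*>i10.20.0.0/16     192.0.2.1                     100      0 i
"""
TABLE = """\
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
C       192.0.2.0/24 is directly connected, port1
O       10.20.0.0/16 [110/2] via 192.0.2.1, port1, 00:10:00
"""


def received_prefixes(text):
    """Prefixes listed by 'get router info bgp neighbor <ip> received-routes'."""
    # Route lines start with status flags (s d h * > i) glued to the prefix.
    hits = (re.match(r"^[sdh*>i ]*" + PREFIX + r"\s", ln) for ln in text.splitlines())
    return {ipaddress.ip_network(m.group(1)) for m in hits if m}


def table_routes(text):
    """(code, prefix) pairs from 'get router info routing-table all'."""
    routes = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)(?: \S+)?\s+" + PREFIX + r"\s", line)
        if m:  # "O E2" or "S*" reduce to the leading code: "O", "S"
            routes.append((m.group(1).rstrip("*>"), ipaddress.ip_network(m.group(2))))
    return routes


def blocked_by_synchronization(received_text, table_text):
    """Received BGP prefixes with no exact-match IGP route in the table."""
    igp = {net for code, net in table_routes(table_text) if code in IGP_CODES}
    return sorted(str(n) for n in received_prefixes(received_text) - igp)


if __name__ == "__main__":
    print(blocked_by_synchronization(RECEIVED, TABLE))
```

With the constructed sample, only the default route is reported, because 10.20.0.0/16 has a matching OSPF entry while 0.0.0.0/0 has no IGP route.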