Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
amahdi
Staff & Editor
Staff & Editor

Created on ‎08-24-2023 05:48 AM Edited on ‎10-17-2025 06:13 AM By Community Manager

Article Id 270213

Technical Tip: Advertising specific subnets via BGP while having aggregate–address settings

Description

This article describes a scenario where a user is trying to advertise specific subnets 10.90.19.0/30 and 10.90.19.128/25 over BGP while having an aggregate address 10.0.0.0/8 configuration. However, it is not advertising the routes to BGP neighbors, although the prefix list is configured properly.


get router info bgp neighbors 10.90.19.1 advertised-routes

% No prefix for neighbor 10.90.19.1
.

config router bgp

    set as yyyyy

    set router-id x.x.x.x

    set ebgp-multipath enable

        config aggregate-address

            edit 1

                set prefix 10.0.0.0 255.0.0.0
                set summary-only enable

            next

config router prefix-list
    edit "NAME"

        config rule

            edit 1

                set prefix 10.90.19.0 255.255.255.252

                unset ge

                unset le

            next

            edit 2

                set prefix 10.90.19.128 255.255.255.128

                unset ge

                unset le

            next

            edit 3

                set action deny

                set prefix any

                unset ge

                unset le

            next

end
Scope  FortiGate. 
Solution

Disable summary-only settings under aggregate address route to prevent suppressing the child routes from being advertised individually.


config router bgp

    config aggregate-address

        edit 1

         set prefix 10.0.0.0 255.0.0.0

         set summary-only disable

     next

end

 

After the BGP soft reset, individual routes were advertised successfully.

get router info bgp neighbors 10.90.19.1 advertised-routes

VRF 0 BGP table version is 6, local router ID is x.x.x.x

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

 

Network Next Hop Metric LocPrf Weight RouteTag Path

*> 10.90.19.0/30 10.90.19.2 100 32768 0 i <-/->

*> 10.90.19.128/25 10.90.19.2 100 32768 0 i <-/->

 

In addition to the individual routes, the summary route would also be advertised. In the advertised route, when checked, it will be seen that 10.0.0.0/8 will be advertised to the neighbor in addition to 10.90.19.0/30, 10.90.19.128/25. 

 

Related article:
Technical Tip: How to implement BGP route summary (aggregation) on a FortiGate
5153
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.