Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jiahoong112
Staff
Staff

Created on ‎10-01-2024 11:57 PM Edited on ‎11-28-2024 11:50 PM By Moderator

Article Id 346323

Technical Tip: BGP Neighbor in Idle (Admin)

Description

This article describes that there may be times when the BGP neighbors may show up as Idle (Admin).

 

jiahoong112_0-1727837729902.png

 

This is usually seen when the neighbor, interface has been administratively disabled or shut down. Sometimes this is even when the interface is Up and the BGP neighbor is not in a shutdown state. Running a sniffer packet on port 179 results in 1-way BGP TCP traffic with FortiGate sending the FIN packet to BGP TCP traffic.

 

BGP debug shows the following message:

 

BBGP: [NETWORK] Accept Thread: Incoming conn from host 10.201.99.254 (FD=28 VRF=0)
BGP: 10.201.99.254-Outgoing [FSM] State: Idle Event: 14 <--------------
Scope FortiGate.
Solution

To fix this, shut down and unshut the BGP neighbor as such:

 

Shutdown the BGP neighbor first:

 

config router bgp
    config neighbor
        edit <bgp-peer>
            set shutdown enable
        end
end

 

Wait for 30 seconds and Unshut:

 

config router bgp

    config neighbor

        edit <bgp-peer>

            unset shutdown

        end

end
Labels:
694
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.