Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff & Editor
Staff & Editor

Created on ‎10-21-2025 10:39 PM

Article Id 415901

Technical Tip: BGP Neighbors Created via CLI Without Remote-AS may Remain in Admin-Down State on FortiGate

Description This article describes how to create a BGP neighbor via CLI without a remote-AS (unlike the GUI) can leave the neighbor in an admin-down state despite the remote-AS being configured later.
Scope FortiGate v7.2.10, v7.4.X.
Solution

Unlike the GUI, the FortiGate CLI allows BGP neighbor creation without specifying a remote-as.

 

FGT # config router bgp
FGT (bgp) # config neighbor
FGT (neighbor) # edit 192.168.1.1
new entry '192.168.1.1' added
FGT (192.168.1.1) # end
FGT (bgp) # end

Neighbors created this way remain in the Admin-down state when the remote-as is added later, even if shutdown is disabled:

 

FGT # config router bgp
FGT (bgp) # config neighbor
FGT (neighbor) # edit 192.168.1.1
FGT (192.168.1.1) # set remote-as 65000 <----- Configure remote-as.
FGT (192.168.1.1) # get | grep shut
shutdown : disable <----- Though shutdown is disabled, BGP neighborship remains in Admin down state.
FGT (192.168.1.1) # end
FGT (bgp) # end

FGT # get router info bgp summ

VRF 0 BGP router identifier 3.3.3.3, local AS number 65002
BGP table version is 1
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.1 4 65000 0 0 0 0 0 never Idle (Admin) <----- Shows as admin down.

Starting with v7.6.3, configuring a BGP neighbor via CLI requires specifying the remote-as:


FGT (bgp) # config neighbor
FGT (neighbor) # edit 192.168.1.1
FGT (192.168.1.1) # end
remote-as must be set.
object set operator error, -89 discard the setting
Command fail. Return code -89

Workaround:
Toggle the neighborship status using the commands below:

 

FGT # config router bgp
FGT (bgp) # config neighbor
FGT (neighbor) # edit 192.168.1.1
FGT (192.168.1.1) # set shutdown enable <----- Enable shutdown.
FGT (192.168.1.1) # end
FGT (bgp) # end

FGT # config router bgp
FGT (bgp) # config neighbor
FGT (neighbor) # edit 192.168.1.1
FGT (192.168.1.1) # set shutdown disable <----- Disable shutdown.
FGT (192.168.1.1) # end
FGT (bgp) # end

FGT # get router info bgp summary
VRF 0 BGP router identifier 3.3.3.3, local AS number 65002
BGP table version is 1
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.1 4 65000 2 2 0 0 0 00:00:07 0 <----- Neighbor UP.
95
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.