Description | This article describes how to control, from the local device, which routes it receives from a BGP neighbor. |
Scope | FortiGate |
Solution |
This feature reduces system resource usage on a firewall that does not accept the full set of routes from its neighbour.
In this example, FGT2 should receive only 1.1.1.1/32 from FGT1.
FGT1 # show router bgp
config router bgp
    set as 65000
    config neighbor
        edit "10.0.0.2"
        next
    end
    config network
        edit 1
            set prefix 1.1.1.1 255.255.255.255
        next
        edit 2
            set prefix 2.2.2.2 255.255.255.255
        next
        edit 3
            set prefix 3.3.3.3 255.255.255.255
        next
    end
end
FGT2 # show router bgp
config router bgp
    set as 65001
    config neighbor
        edit "10.0.0.1"
            set capability-orf send    <------------
        next
    end
end
FGT2 # show router prefix-list
config router prefix-list
    edit "Net_1.1.1.1"
        config rule
            edit 1
                set prefix 1.1.1.1 255.255.255.255
            next
        end
    next
end
FGT2 # get router info bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
Total number of neighbors 1
> All three networks are configured for advertisement on FGT1, but FGT1 advertises only the 1.1.1.1/32 network to FGT2 because of the ORF filter.
FGT1 # get router info bgp neighbors 10.0.0.2 advertised-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
Total number of prefixes 1
FGT2 # get router info bgp neighbors 10.0.0.1 received-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
Total number of prefixes 1
Note: An inbound filter can be applied on FGT2 instead, but filtering the networks there consumes local resources on the firewall. This feature reduces the amount of processing on the local device.
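The difference described in the note can be modelled in a few lines. This is an added Python sketch, not code from the article and not FortiOS code. It shows where the filtering work lands with and without ORF, using the article's three networks and its prefix list. The class and function names are hypothetical, the rule action is assumed to default to permit, and the ge/le handling follows common prefix-list semantics.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class OrfEntry:
    """One prefix-list rule, the unit pushed to the neighbour as an ORF entry."""
    seq: int
    permit: bool
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None  # minimum prefix length, if set
    le: Optional[int] = None  # maximum prefix length, if set

    def matches(self, route):
        if not route.subnet_of(self.prefix):
            return False
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen  # exact match only
        lo = self.ge if self.ge is not None else self.prefix.prefixlen
        hi = self.le if self.le is not None else 32
        return lo <= route.prefixlen <= hi

def permitted(route, entries):
    """First matching entry in sequence order wins; no match means deny."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.permit
    return False

def exchange(advertised, entries, orf_negotiated):
    """Return (sent_on_wire, accepted_by_receiver, dropped_by_receiver)."""
    nets = [ipaddress.ip_network(p) for p in advertised]
    # With ORF, the sender (FGT1) applies the receiver's list before sending.
    sent = [n for n in nets if permitted(n, entries)] if orf_negotiated else nets
    # The receiver (FGT2) still applies its inbound list to whatever arrives.
    accepted = [n for n in sent if permitted(n, entries)]
    dropped = [n for n in sent if n not in accepted]
    return tuple([str(n) for n in group] for group in (sent, accepted, dropped))

FGT1_NETWORKS = ["1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32"]  # from the article
NET_1_1_1_1 = [OrfEntry(1, True, ipaddress.ip_network("1.1.1.1/32"))]  # permit assumed

if __name__ == "__main__":
    for orf in (False, True):
        sent, accepted, dropped = exchange(FGT1_NETWORKS, NET_1_1_1_1, orf)
        print(f"ORF={orf}: sent={sent} accepted={accepted} dropped_locally={dropped}")
```

In both cases FGT2 ends up with the same route; with ORF the two unwanted prefixes never cross the session, so FGT2 has nothing to discard.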