FortiGate
yzayani, Staff
Article Id 411629
Description

This article describes an issue in FortiOS v7.4.x where BGP route selection fails when a route-map is applied during redistribution. The problem is caused by incorrect administrative distance (AD) handling, which leads to route flapping and loss of connectivity between AWS and on-prem FortiGate hubs.

Scope

FortiOS.

Solution

When a route-map is used during redistribution, BGP assigns its default AD of 20 instead of inheriting the source protocol's AD (Cisco standard values: OSPF = 110, RIP = 220, static = 5). This leads to incorrect route selection.

 

config router bgp
    set as 65000
    set router-id 10.254.1.2
    config redistribute "rip"
        set status enable
        set route-map "FGT-AWS"
    end
end

 

config router route-map
    edit "FGT-AWS"
        config rule
            edit 1
                set set-community "65000:300"
                unset set-ip-prefsrc
            next
        end
    next
end

 

Faulty behavior:

 

get router info bgp network 0.0.0.0/0

Paths: (2 available, best 1)

101.98.255.0 from 100.98.255.0 (10.70.17.5)
 Origin incomplete, distance 20, localpref 110, valid
...
137.52.128.99 from 0.0.0.0 (138.51.127.91)
 Origin incomplete, distance 20, localpref 100, weight 32768, valid

 

Expected behavior:

  

Paths: (2 available, best 2)

101.97.255.0 from 100.99.255.0 (10.70.17.5)
 Origin incomplete, localpref 120, valid
...
137.52.128.109 from 0.0.0.0 (138.51.127.109)
 Origin incomplete, localpref 100, weight 32768, valid

 

When a route-map is applied during redistribution into BGP, the FortiGate does not preserve the original administrative distance of the source protocol. Instead, it assigns the default BGP AD of 20. In the faulty output above this is visible as "distance 20" on the locally sourced path (the one "from 0.0.0.0" with weight 32768), which is absent in the expected output. This breaks best-path selection and causes route instability.
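The following is an added example, not part of the original article or of FortiOS: a small Python parser for the `get router info bgp network <prefix>` output shown above that flags the faulty condition automatically. It treats a path listed "from 0.0.0.0" as locally sourced (redistributed), reports any such path that carries the BGP default distance of 20, and checks that the selected best path is the one with the highest weight (weight is the first tie-breaker in standard BGP best-path selection). The two sample outputs embedded below are constructed from the article's faulty and expected listings; function names (`parse_bgp_network`, `audit`) are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# AD that FortiOS assigns to the redistributed path when the route-map issue triggers.
BGP_DEFAULT_DISTANCE = 20

# Constructed samples, copied from the article's "faulty" and "expected" listings.
FAULTY_OUTPUT = """Paths: (2 available, best 1)
101.98.255.0 from 100.98.255.0 (10.70.17.5)
 Origin incomplete, distance 20, localpref 110, valid
...
137.52.128.99 from 0.0.0.0 (138.51.127.91)
 Origin incomplete, distance 20, localpref 100, weight 32768, valid
"""

EXPECTED_OUTPUT = """Paths: (2 available, best 2)
101.97.255.0 from 100.99.255.0 (10.70.17.5)
 Origin incomplete, localpref 120, valid
...
137.52.128.109 from 0.0.0.0 (138.51.127.109)
 Origin incomplete, localpref 100, weight 32768, valid
"""

HEADER_RE = re.compile(r"Paths: \((\d+) available, best (\d+)\)")
PATH_RE = re.compile(r"^(\S+) from (\S+) \((\S+)\)$")


@dataclass
class BgpPath:
    index: int            # 1-based position in the listing (what "best N" refers to)
    next_hop: str
    learned_from: str     # "0.0.0.0" marks a locally sourced / redistributed path
    router_id: str
    distance: Optional[int]
    localpref: Optional[int]
    weight: int
    valid: bool

    @property
    def locally_sourced(self) -> bool:
        return self.learned_from == "0.0.0.0"


def parse_bgp_network(text: str) -> tuple[int, list[BgpPath]]:
    """Parse the CLI listing; return (best_index, paths). Unknown lines are skipped."""
    best = 0
    paths: list[BgpPath] = []
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip() and ln.strip() != "..."]
    i = 0
    while i < len(lines):
        hdr = HEADER_RE.search(lines[i])
        if hdr:
            best = int(hdr.group(2))
            i += 1
            continue
        m = PATH_RE.match(lines[i].strip())
        if m and i + 1 < len(lines):
            # The attribute line follows the path line: "Origin incomplete, distance 20, ..."
            numeric: dict[str, int] = {}
            flags: set[str] = set()
            for attr in (a.strip() for a in lines[i + 1].split(",")):
                parts = attr.split()
                if len(parts) == 2 and parts[1].isdigit():
                    numeric[parts[0]] = int(parts[1])
                else:
                    flags.add(attr)
            paths.append(BgpPath(
                index=len(paths) + 1, next_hop=m.group(1), learned_from=m.group(2),
                router_id=m.group(3), distance=numeric.get("distance"),
                localpref=numeric.get("localpref"), weight=numeric.get("weight", 0),
                valid="valid" in flags,
            ))
            i += 2
            continue
        i += 1
    return best, paths


def find_default_ad_on_local_paths(paths: list[BgpPath]) -> list[BgpPath]:
    """Locally sourced paths stamped with the BGP default AD: the article's symptom."""
    return [p for p in paths if p.locally_sourced and p.distance == BGP_DEFAULT_DISTANCE]


def best_follows_weight(best: int, paths: list[BgpPath]) -> bool:
    """Weight is compared first in best-path selection, so the top weight should be best."""
    if not paths:
        return True
    return max(paths, key=lambda p: p.weight).index == best


def audit(text: str) -> dict:
    best, paths = parse_bgp_network(text)
    return {
        "best": best,
        "paths": len(paths),
        "default_ad_local_paths": [p.index for p in find_default_ad_on_local_paths(paths)],
        "best_follows_weight": best_follows_weight(best, paths),
    }


if __name__ == "__main__":
    print("faulty  :", audit(FAULTY_OUTPUT))
    print("expected:", audit(EXPECTED_OUTPUT))
```

Run against the faulty listing, `audit` reports path 2 (the redistributed one) carrying distance 20 and a best path that does not follow weight; against the expected listing it reports no such path and a weight-consistent best path. Feeding it the real CLI output of a hub after an upgrade gives a quick before/after check for this issue.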

 

Workaround:

 

  • Set a lower distance for BGP-learned routes:

 

config router bgp
    set distance-internal 7
end

 

  • Set the AD for specific prefixes:

 

config router access-list
    edit "AWS-FGT"
        config rule
            edit 1
                set prefix 192.167.98.0 255.255.255.0
                set distance 5
            next
        end
    next
end

 

Related articles:

  • Technical Tip: How to redistribute routes from other sources
  • Technical Tip: Redistribute BGP routes learnt through different BGP Communities into OSPF