FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the behavior of BGP SD-WAN route-tagging for the routes learned and tagged.
Unlike normal routing, where the longest (most specific) prefix match wins, BGP SD-WAN route-tagging prefers the least specific route. As a result, more specific routes that carry the same route tag are less preferred and may not be installed by the SD-WAN rule at all.
Below is an example in which the default route is installed by SD-WAN rule ID 9 because of this behavior. Notice that 10.56.56.0/24, 10.57.57.0/24, and 10.0.0.0/8 are not included, even though these routes carry the same route tag as the default route.
In the next output, the 10.0.0.0/8 route is the one used by SD-WAN rule ID 9, since it is now the least specific tagged route; the routes to 10.56.56.0/24 and 10.57.57.0/24 are still not installed.
In this example, the Hub has static-route redistribution enabled with a route-map and capability-default-originate enabled towards the spoke. Removing these settings gives the following behavior.
After the changes and a BGP restart, the routes to 10.56.56.0/24 and 10.57.57.0/24 are installed correctly.
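The following CLI fragment is an added example, not configuration taken from the article or from Fortinet documentation, showing the hub and spoke settings that reproduce the behavior above and the hub change that clears it. The neighbor addresses (10.10.10.1 and 10.10.10.2), AS number 65000, route-map names, route tag value 100, and SD-WAN member indexes 1 and 2 are assumptions; only SD-WAN rule ID 9 and the prefixes come from the article.

```text
# Added example (not from the article). All names, addresses and the tag value 100 are assumed.

# --- Spoke: tag every route learned from the hub and steer it with SD-WAN rule 9 ---
config router route-map
    edit "tag-hub-routes"
        config rule
            edit 1
                set set-tag 100      # assumed tag value
            next
        end
    next
end
config router bgp
    set as 65000
    config neighbor
        edit "10.10.10.1"            # hub
            set remote-as 65000
            set route-map-in "tag-hub-routes"
        next
    end
end
config system sdwan
    config service
        edit 9
            set name "to-hub"
            set mode manual
            set route-tag 100        # rule takes its destinations from routes carrying tag 100
            set priority-members 1 2
        next
    end
end

# --- Hub, BEFORE: the two settings that put 0.0.0.0/0 and 10.0.0.0/8 into the tagged set ---
config router route-map
    edit "static-to-bgp"
        config rule
            edit 1
            next
        end
    next
end
config router bgp
    set as 65000
    config neighbor
        edit "10.10.10.2"            # spoke
            set remote-as 65000
            set capability-default-originate enable   # advertises 0.0.0.0/0 to the spoke
        next
    end
    config redistribute "static"
        set status enable
        set route-map "static-to-bgp"                 # leaks the static 10.0.0.0/8 into BGP
    end
end

# --- Hub, AFTER: remove both settings, then restart routing so the spoke relearns ---
config router bgp
    config neighbor
        edit "10.10.10.2"
            set capability-default-originate disable
        next
    end
    config redistribute "static"
        set status disable
    end
end
execute router restart

# --- Spoke: verify that the /24 routes are now the ones behind rule 9 ---
get router info routing-table bgp
diagnose sys sdwan service 9
```

Check the rule before and after with `diagnose sys sdwan service 9` on the spoke: before the hub change, the rule's destination list is driven by 0.0.0.0/0 (or 10.0.0.0/8 once the default is withdrawn); after it, 10.56.56.0/24 and 10.57.57.0/24 appear. Note that this remedy removes the default route and the redistributed static from BGP entirely, so if the spoke still needs a default route it has to come from somewhere other than this tagged BGP session.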
For more information regarding BGP and SD-WAN route-tagging, check the article below.