imathew
Staff
Article Id 228358
Description This article describes why the MED attribute of routes learned from one EBGP peer is not sent on to another EBGP peer, and how to set it with a route map.
Scope FortiOS.
Solution

The BGP multiple exit discriminator (MED, or MULTI_EXIT_DISC) is a non-transitive attribute, meaning that it is not propagated throughout the Internet, but only to adjacent autonomous systems (ASs).

 

AWS-----Perimeter Firewall-----DMZ firewall

 

1) Use the Prefix List to match the network.
2) Create a route map.


# config router route-map
    edit "NewMetric"
        config rule
            edit 1
                set match-ip-address "<Prefix_List_Name>"
                set set-metric 20
            next
        end
    next
end


3) Use the route map in the outbound direction towards DMZ peer.


# config router bgp
    config neighbor
        edit "1.1.1.1"
            set route-map-out "NewMetric"
        next
    end
end
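
The three steps combined into one configuration for the perimeter firewall, as an added example that is not part of the original article. The prefix-list name "AWS-Prefixes" and the prefix 10.10.0.0/16 are constructed placeholders, and rule 2 is an assumption added so that prefixes outside the list are still advertised, because a route that matches no rule in a route map is denied. Lines starting with # are comments, not commands.

```fortios
# Step 1: prefix list matching the network learned from AWS.
# "AWS-Prefixes" and 10.10.0.0/16 are placeholders; use your own values.
config router prefix-list
    edit "AWS-Prefixes"
        config rule
            edit 1
                set prefix 10.10.0.0 255.255.0.0
                unset ge
                unset le
            next
        end
    next
end

# Step 2: route map that sets the metric (MED) on the matched prefixes.
config router route-map
    edit "NewMetric"
        config rule
            edit 1
                set match-ip-address "AWS-Prefixes"
                set set-metric 20
            next
            # Assumption: empty rule that permits all other prefixes
            # unchanged. Without it, only the prefixes matched by rule 1
            # are advertised to the neighbor.
            edit 2
            next
        end
    next
end

# Step 3: apply the route map outbound towards the DMZ peer.
config router bgp
    config neighbor
        edit "1.1.1.1"
            set route-map-out "NewMetric"
        next
    end
end

# Re-send the outbound updates and check what the DMZ peer receives.
execute router clear bgp ip 1.1.1.1 soft out
get router info bgp neighbors 1.1.1.1 advertised-routes
```

The matched prefix should be listed in the advertised routes with a metric of 20.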
