Description
This article gives a configuration example of how to achieve the following with BGP:
Scope
FortiGate or VDOM in NAT mode.
Diagram:
The following diagram is used to illustrate this example. The focus of the configuration is on FGT-1.
Expectations, Requirements
The requirement on FGT-1 is:
A.1- Based on a redistribute Policy
config router bgp
    config redistribute static      << static is used in this example because 192.168.0.0/21 is a static route; it must be adapted to each situation
        set status enable
    end
end
config router bgp
    config network
        edit 1
            set prefix 192.168.0.0 255.255.248.0
        next
    end
end
config router prefix-list
    edit "only_dflt"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end

config router route-map
    edit "only_default_route"
        config rule
            edit 1
                set match-ip-address "only_dflt"
            next
        end
    next
end

config router bgp
    set as 2
    config neighbor
        edit 10.142.0.110
            set remote-as 1
            set route-map-in "only_default_route"
        next
    end
    set router-id 10.142.0.205
end
Verification
Verification on FGT-1 before implementing the route map
FGT-1 (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
B*  0.0.0.0/0 [20/0] via 10.142.0.110, wan1, 00:02:18
B   1.1.1.1/32 [20/0] via 10.142.0.110, wan1, 00:02:18
S   2.2.2.2/32 [10/0] via 192.168.183.254, wan2
O   10.128.0.0/10 [110/0] is a summary, Null, 00:02:23
C   10.142.0.0/23 is directly connected, wan1
B   10.160.0.0/23 [20/0] via 10.142.0.110, wan1, 00:02:18
C   10.161.0.0/30 is directly connected, Inter-vdom10
C   10.161.0.1/32 is directly connected, Inter-vdom10
C   10.161.0.4/30 is directly connected, Inter-vdom20
C   10.161.0.5/32 is directly connected, Inter-vdom20
B   192.168.0.0/16 [20/0] via 10.142.0.110, wan1, 00:02:18
S   192.168.0.0/21 [10/0] via 10.161.0.2, Inter-vdom10
B   192.168.168.0/24 [20/0] via 10.142.0.110, wan1, 00:02:18
S   192.168.171.0/24 [10/0] via 192.168.183.254, wan2
C   192.168.182.0/23 is directly connected, wan2
Verification on FGT-1 after implementing the route map
FGT-1 (root) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
B*  0.0.0.0/0 [20/0] via 10.142.0.110, wan1, 00:05:58
S   2.2.2.2/32 [10/0] via 192.168.183.254, wan2
O   10.128.0.0/10 [110/0] is a summary, Null, 00:06:03
C   10.142.0.0/23 is directly connected, wan1
O   10.160.0.0/23 [110/200] via 10.161.0.2, Inter-vdom10, 00:05:39
C   10.161.0.0/30 is directly connected, Inter-vdom10
C   10.161.0.1/32 is directly connected, Inter-vdom10
C   10.161.0.4/30 is directly connected, Inter-vdom20
C   10.161.0.5/32 is directly connected, Inter-vdom20
S   192.168.0.0/21 [10/0] via 10.161.0.2, Inter-vdom10
S   192.168.171.0/24 [10/0] via 192.168.183.254, wan2
C   192.168.182.0/23 is directly connected, wan2
Verification of routes received on FGT_ISP
FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S*  0.0.0.0/0 [10/0] via 192.168.183.254, port1
S   1.1.1.1/32 [10/0] via 192.168.183.254, port1
C   10.142.0.0/23 is directly connected, port6
C   10.160.0.0/23 is directly connected, port2
S   192.168.0.0/16 [10/0] via 192.168.183.254, port1
B   192.168.0.0/21 [20/0] via 10.142.0.205, port6, 00:09:01
S   192.168.168.0/24 [10/0] via 192.168.183.254, port1
C   192.168.182.0/23 is directly connected, port1
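The inbound filter on FGT-1 can be reasoned about offline. This Python sketch is an added example, not Fortinet code or part of the original article: it applies the "only_dflt" prefix-list to the BGP routes FGT-1 had learned before the route map was attached. It assumes conventional prefix-list semantics (exact match when ge and le are unset, implicit deny when no rule matches); the function names and the "le 32" contrast list are hypothetical.

```python
import ipaddress

def rule_matches(route, prefix, ge=None, le=None):
    """Conventional prefix-list rule semantics (an assumption, not taken from the article)."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        return route == prefix              # no ge/le: exact prefix and length only
    if not route.subnet_of(prefix):
        return False                        # route must fall inside the rule's prefix
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def prefix_list_permits(route, rules):
    """First matching rule decides; no matching rule means implicit deny."""
    for rule in rules:
        if rule_matches(route, rule["prefix"], rule.get("ge"), rule.get("le")):
            return rule.get("action", "permit") == "permit"
    return False

def filter_inbound(routes, rules):
    """Routes that a route-map matching on this prefix-list would accept."""
    return [r for r in routes if prefix_list_permits(r, rules)]

# "only_dflt" as configured in the article: 0.0.0.0 0.0.0.0 with ge and le unset.
ONLY_DFLT = [{"prefix": "0.0.0.0/0"}]
# Constructed contrast: the same prefix with "le 32" matches every IPv4 route.
MATCH_ALL = [{"prefix": "0.0.0.0/0", "le": 32}]

# BGP routes FGT-1 learned from 10.142.0.110 before the route map
# (the "B" lines of the first routing table in the article).
RECEIVED = ["0.0.0.0/0", "1.1.1.1/32", "10.160.0.0/23",
            "192.168.0.0/16", "192.168.168.0/24"]

if __name__ == "__main__":
    print("only_dflt:", filter_inbound(RECEIVED, ONLY_DFLT))
    print("le 32    :", filter_inbound(RECEIVED, MATCH_ALL))
```

The first result corresponds to the single B* entry left in the second routing table; the second shows why leaving ge and le unset matters for this filter.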
Related Articles
Technical Note : How to implement BGP route summary (aggregation) on a FortiGate