akileshc
Staff
Article Id 344945
Description This article describes the default behavior and settings of 'set passive' specifically in the BGP neighbor-group.
Scope FortiGate.
Solution

A BGP neighbor group is a collection of BGP neighbors that share common configurations and policies. Settings such as route maps and policies can be applied to multiple neighbors simultaneously, which simplifies management.

Neighbor groups are useful for managing multiple neighbors with similar configurations, such as in hub-and-spoke or ADVPN setups where multiple peers require the same settings.

 

Passive Mode ensures that the BGP session is passive, meaning the local router or firewall will not initiate a connection to the specified neighbor. Instead, it will only respond to connection requests from that remote router or neighbor.

This is particularly useful in scenarios where you want the neighbor to initiate the connection, such as in a hub-and-spoke topology.


config router bgp
    config neighbor-group
        edit <name>
            set passive <enable/disable> <----- Default value would be 'enable'.

            Enable/disable sending of open messages to this neighbor.
        end
    end
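Because the neighbor-group default is 'enable', a group with no 'set passive' line is still passive; `show` output and configuration backups omit values left at their default. The following is an added example, not Fortinet code, that reads such output and reports the effective setting per neighbor-group; the function names and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample of `show router bgp` output (not taken from the article).
# `show` omits values left at their default, so "spokes" has no passive line.
SAMPLE_CONFIG = """
config router bgp
    config neighbor
        edit "10.0.0.2"
            set passive enable
        next
    end
    config neighbor-group
        edit "spokes"
            set remote-as 65000
        next
        edit "dc-peers"
            set passive disable
        next
    end
end
"""

def neighbor_group_passive(config_text, default="enable"):
    """Map each neighbor-group to its effective passive value; a group with
    no 'set passive' line gets the default stated in the article."""
    stack, group, result = [], None, {}
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quote in an unrelated line
            tokens = raw.split()
        if not tokens:
            continue
        in_groups = stack == ["router bgp", "neighbor-group"]
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end":
            stack, group = stack[:-1], None
        elif tokens[0] == "next":
            group = None
        elif tokens[0] == "edit" and in_groups and len(tokens) > 1:
            group = tokens[1]
            result[group] = default
        elif tokens[:2] == ["set", "passive"] and in_groups and group and len(tokens) == 3:
            result[group] = tokens[2]
    return result

def initiating_groups(config_text):
    """Neighbor-groups where the FortiGate itself opens the BGP session."""
    return sorted(n for n, v in neighbor_group_passive(config_text).items() if v == "disable")
```

Only entries under `config neighbor-group` are reported; the `set passive` line under `config neighbor` in the sample is deliberately ignored.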
