ranand
Staff
Article Id 199680
Description: This article describes ways to clear BGP sessions.
Scope: FortiGate.
Solution

When policies such as access lists or attributes are changed, the change takes effect immediately: the next time that a prefix or path is advertised or received, the new policy is used. However, the changed policy is not applied retroactively, so prefixes that were already advertised or received are not affected. In a stable network, it can take a long time for an existing prefix to be re-advertised or received again.

 

It is possible to trigger a manual update to ensure that the policy is immediately applied to all affected prefixes and paths.

 

Ways to trigger an update:

 

  • Hard reset: the BGP session goes down and is reestablished, so traffic will be affected.

 

Command:

 

execute router clear bgp [ip|all] <neighbor_ip>

 

Hard reset is also triggered automatically by most changes to the BGP capability configuration. Examples of BGP capabilities include:

  • Route Refresh.
  • Graceful Restart.
  • ORF.

 

  • Soft reset.

 

Command:

 

execute router clear bgp ip <neighbor_ip> soft [in|out]

 

Out: Resend all BGP information to the neighbor without resetting the connection.

Recommended when changing outbound policy.

 

In: Available if soft-reconfiguration is enabled, or if the Route-Refresh BGP capability was advertised and received during BGP session setup. Recommended when changing inbound policy.

 

Soft-reconfiguration is not usually required for soft reset. If soft-reconfiguration is configured, FortiGate will store an unmodified copy of all received prefixes from the neighbor in case the inbound policy is changed; this consumes more memory.

See the article 'Technical Tip: BGP - Soft Reconfiguration vs. Route Refresh' for more discussion of the differences between Route Refresh and soft-reconfiguration.

 

Verifying if Route Refresh is available.

 

Command:

 

get router info bgp neighbors <neighbor IP> | grep capabilities -A 1

 

  • If both peers are configured to support Route Refresh, 'Route refresh: advertised and received' is visible under Neighbor capabilities:

 

vdom2 # get router info bgp neighbors 10.200.2.2 | grep capabilities -A 1

Neighbor capabilities:
Route refresh: advertised and received (old and new)
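
The decision described above (soft out for outbound policy changes, soft in only when Route Refresh was advertised and received or soft-reconfiguration is enabled, hard reset otherwise) can be checked before any command is typed. The following is an added example, not part of the original article or of FortiOS: the function names are hypothetical, and the 'advertised only' output line is a constructed sample whose exact wording is an assumption.

```python
import ipaddress
import re
from typing import NamedTuple

# Capability line as printed by 'get router info bgp neighbors <ip>'.
_RR_LINE = re.compile(r"^\s*Route refresh:\s*(?P<state>.+?)\s*$", re.I | re.M)

class ClearPlan(NamedTuple):
    command: str
    disruptive: bool  # True means the session drops and traffic is affected

def route_refresh_negotiated(neighbor_output: str) -> bool:
    """True only when Route Refresh was both advertised and received."""
    m = _RR_LINE.search(neighbor_output)
    if m is None:
        return False
    state = m.group("state").lower()
    return "advertised" in state and "received" in state

def plan_clear(neighbor_ip: str, direction: str, neighbor_output: str,
               soft_reconfiguration: bool = False) -> ClearPlan:
    """Pick the least disruptive clear command for a policy change.

    direction is "out" for an outbound policy change, "in" for inbound.
    """
    # Reject anything that is not a literal IP before it reaches a CLI string.
    ip = str(ipaddress.ip_address(neighbor_ip))
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    soft = ClearPlan(f"execute router clear bgp ip {ip} soft {direction}", False)
    if direction == "out":
        return soft  # resend to the neighbor, no session reset needed
    if soft_reconfiguration or route_refresh_negotiated(neighbor_output):
        return soft
    # Soft in is unavailable: only a hard reset re-applies the inbound policy.
    return ClearPlan(f"execute router clear bgp ip {ip}", True)

# First sample is the article's output; the second is constructed (assumed wording).
NEGOTIATED = "Neighbor capabilities:\nRoute refresh: advertised and received (old and new)\n"
ADVERTISED_ONLY = "Neighbor capabilities:\nRoute refresh: advertised\n"

if __name__ == "__main__":
    for label, out in (("negotiated", NEGOTIATED), ("advertised only", ADVERTISED_ONLY)):
        print(label, plan_clear("10.200.2.2", "in", out))
```

A plan with disruptive set to True is the case to schedule in a maintenance window, since the session to that neighbor will drop.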