Description | This article describes how to filter in a BGP neighbor-group based on remote-AS. |
Scope | Starting from 7.4.4 GA and 7.6.0 GA |
Solution |
FortiOS 7.4.4 and 7.6.0 introduce a new feature that allows multiple remote Autonomous Systems (AS) to be assigned to a single BGP neighbor group. This is done using AS path lists. This feature offers increased flexibility in managing BGP configurations.
BGP configuration of FortiGate-1:
config router bgp
config router aspath-list
FortiGate-2 BGP configuration:
config router bgp
FortiGate-3 BGP configuration:
config router bgp
For simplicity, FortiGate-2 will advertise network 192.168.200.0/24, and FortiGate-3 will advertise network 192.168.201.0/24. FortiGate-1 will filter on the remote AS using the newly introduced commands below. In the provided example, the regular expression '^6551[2-3]$' is used, which allows only AS 6551*, where * is 2 or 3 (that is, AS 65512 and AS 65513). This range can be extended or modified as needed.
config router aspath-list end
Output from FortiGate-1:
get router info bgp summary
VRF 0 BGP router identifier 1.1.1.1, local AS number 65513
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
Total number of neighbors 2
If the AS of FortiGate-2 is changed to 65514, for example, then FortiGate-1 will have only one BGP session, because AS 65514 does not match the configured regex for aspath-list. |
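The following added example (not part of the original article or Fortinet code) checks which remote AS numbers the article's pattern accepts and shows why the `^` and `$` anchors matter when the pattern is extended. It assumes Python's `re` search semantics approximate the router's regex matching for simple patterns like this one; the function names and candidate ASNs are constructed for illustration.

```python
import re

# Pattern from the article's aspath-list example.
ARTICLE_PATTERN = r"^6551[2-3]$"
MAX_ASN = 4294967295  # largest 4-byte AS number


def accepted(pattern, asns):
    """Return the ASNs whose decimal form matches the pattern.

    Assumption: substring-search semantics, so only explicit anchors
    restrict the match to the whole AS number.
    """
    rx = re.compile(pattern)
    return [a for a in asns if rx.search(str(a))]


def unintended(pattern, intended):
    """List ASNs the pattern accepts that are outside the intended set.

    Candidates (constructed): every 2-byte ASN, plus 4-byte ASNs formed by
    adding one digit before or after each intended ASN.
    """
    candidates = set(range(1, 65536))
    for asn in intended:
        for digit in "0123456789":
            for text in (digit + str(asn), str(asn) + digit):
                value = int(text)
                if 0 < value <= MAX_ASN:
                    candidates.add(value)
    return sorted(set(accepted(pattern, candidates)) - set(intended))


if __name__ == "__main__":
    peers = [65512, 65513, 65514]  # ASNs discussed in the article
    print("accepted peers:", accepted(ARTICLE_PATTERN, peers))
    print("anchored, unintended:", unintended(ARTICLE_PATTERN, {65512, 65513}))
    # Same character class without anchors: 4-byte ASNs such as 655120 slip in.
    loose = unintended(r"6551[2-3]", {65512, 65513})
    print("unanchored, unintended count:", len(loose), "e.g.", loose[:3])
```

Running the same check against any modified range before applying it confirms that only the intended peer AS numbers can form a session with the neighbor group.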
Copyright 2024 Fortinet, Inc. All Rights Reserved.