Example output showing the default route received from a BGP peer:
FGT # get router info bgp neighbors 172.17.0.1 received-routes
VRF 0 BGP table version is 1, local router ID is 172.17.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop         Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0        172.17.0.1            0             0          600 ?   <----- Default route received from a BGP peer.
*> 10.10.40.0/24    172.17.0.1            0             0          600 ?
*> 10.10.45.0/24    172.17.0.1            0             0          600 i

Total number of prefixes 3
FGT # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
B       0.0.0.0/0 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
In this output the BGP default route (distance 20) is held in the routing table database but is not selected, because the static default route (distance 10) is preferred. If the static route were removed, the peer's default route would be installed and all traffic without a more specific route would be sent over the tunnel to the peer. To prevent the default route from a BGP peer from being injected into the routing table at all, configure an 'access-list' with an exact match that denies the default route and permits everything else:
FGT # config router access-list
    edit "deny_default"
        config rule
            edit 1
                set action deny
                set prefix 0.0.0.0 0.0.0.0
                set exact-match enable
            next
            edit 2
                set prefix any
            next
        end
    next
end
Note:
Be sure to include the access-list entry 'set prefix any' and ensure it is the last entry in the list. An access-list ends with an implicit deny, so a list with only the single entry 'set prefix 0.0.0.0 0.0.0.0' (action deny) would block all BGP advertisements from the neighbor, not just the default route. Keep 'set exact-match enable' on the deny rule as well: without it, 0.0.0.0 0.0.0.0 matches every prefix, and the deny rule itself would drop all advertisements.
Apply the access-list to the BGP neighbor as an inbound distribute-list ('distribute-list-in'):
FGT # config router bgp
    set as 3800
    config neighbor
        edit "172.17.0.1"
            set soft-reconfiguration enable
            set distribute-list-in "deny_default"
            set remote-as 600
        next
    end
end
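As an added example (not part of the Fortinet article, and not FortiOS code), the script below models how the 'deny_default' access-list filters the three prefixes received from 172.17.0.1 when it is applied as a distribute-list-in, and contrasts it with the two misconfigurations the note warns about: a list without the trailing 'any' entry, and a deny rule without 'exact-match'. The matching semantics are assumptions stated in the comments (top-down evaluation, first match wins, implicit deny at the end, default rule action permit); the prefixes are the ones shown in the 'received-routes' output above.

```python
import ipaddress

# Added example: a model of a FortiOS 'router access-list' used as a
# distribute-list-in. Assumptions (modelled here, not quoted from FortiOS
# documentation): rules are evaluated top-down, the first matching rule
# decides, a prefix matching no rule is denied (implicit deny), and a rule
# with no 'set action' permits.


def rule(prefix, action="permit", exact_match=False):
    """Build one rule. 'prefix' is 'any' or the CLI 'address mask' pair,
    e.g. '0.0.0.0 0.0.0.0' as typed in 'set prefix'."""
    if prefix != "any":
        addr, mask = prefix.split()
        prefix = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return {"prefix": prefix, "action": action, "exact_match": exact_match}


def rule_matches(r, net):
    if r["prefix"] == "any":
        return True
    if r["exact_match"]:
        # exact-match: only the identical network/length matches
        return net == r["prefix"]
    # without exact-match, any prefix inside the rule's network matches,
    # so 0.0.0.0 0.0.0.0 matches every prefix
    return net.subnet_of(r["prefix"])


def permits(rules, prefix_str):
    net = ipaddress.ip_network(prefix_str, strict=False)
    for r in rules:
        if rule_matches(r, net):
            return r["action"] == "permit"
    return False  # implicit deny at the end of the list


def filter_received(rules, received):
    """Prefixes that survive the inbound filter."""
    return [p for p in received if permits(rules, p)]


# Prefixes from the 'received-routes' output on this page.
RECEIVED = ["0.0.0.0/0", "10.10.40.0/24", "10.10.45.0/24"]

# The list configured in the article: deny the exact default, permit the rest.
DENY_DEFAULT = [
    rule("0.0.0.0 0.0.0.0", action="deny", exact_match=True),
    rule("any"),
]
# Mistake 1: no trailing 'any' entry -> implicit deny drops everything else.
NO_ANY_ENTRY = [rule("0.0.0.0 0.0.0.0", action="deny", exact_match=True)]
# Mistake 2: deny rule without exact-match -> matches every prefix.
NO_EXACT_MATCH = [rule("0.0.0.0 0.0.0.0", action="deny"), rule("any")]

if __name__ == "__main__":
    for name, rules in [("deny_default", DENY_DEFAULT),
                        ("no 'any' entry", NO_ANY_ENTRY),
                        ("no exact-match", NO_EXACT_MATCH)]:
        print(f"{name:16}: accepted {filter_received(rules, RECEIVED)}")
```

Only the first list keeps the two /24 prefixes while dropping 0.0.0.0/0; both misconfigured lists reject every prefix from the neighbor, which is the outcome the note above describes.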
Apply the new inbound policy with 'execute router clear bgp ip 172.17.0.1 soft'. This is a soft reset: the session is not torn down (the neighbor's Up/Down timer keeps running), and because 'soft-reconfiguration' is enabled the stored inbound updates are re-evaluated against the distribute-list. Then re-check the routing table.
After approximately 20 to 30 seconds, the prefixes will be re-learned from the neighbor.
FGT # get router info bgp summary
VRF 0 BGP router identifier 172.17.0.2, local AS number 3800
BGP table version is 1
2 BGP AS-PATH entries
0 BGP community entries

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.17.0.1      4   600    6499    6476        0    0    0 00:21:39        3

Total number of neighbors 1
The default route from the BGP peer will no longer show in the routing table database:
FGT # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.50.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
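To make this check repeatable (for example on output collected from several FortiGates over SSH), the added script below, which is not part of the Fortinet article, parses the text of 'get router info routing-table database' and reports any default route learned via BGP, whether or not it is currently selected. The two samples are copied from the before and after outputs on this page; the regular expression is written for the line layout shown here and is an assumption about other FortiOS versions.

```python
import re

# Added example (not from the Fortinet article): parse the route lines of
# 'get router info routing-table database' and report BGP default routes.

ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z]{1,2})\s+"      # protocol code, e.g. B or S
    r"(?P<flags>[*>]*)\s*"           # '*' FIB route, '>' selected route
    r"(?P<prefix>[\d.]+/\d+)\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+)"
)

# Constructed samples: the route sections shown on this page, before and
# after 'deny_default' was applied to neighbor 172.17.0.1.
BEFORE = """Routing table for VRF=0
B       0.0.0.0/0 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
"""

AFTER = """Routing table for VRF=0
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.50.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
"""


def parse_routes(output):
    """One dict per route line; legend and header lines do not match."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["distance"] = int(r["distance"])
        r["metric"] = int(r["metric"])
        r["selected"] = ">" in r["flags"]
        routes.append(r)
    return routes


def bgp_default_routes(output):
    """Default routes learned via BGP, selected or not. Any entry here means
    the peer's default is in the database and would be installed if the
    preferred (lower distance) default route disappeared."""
    return [r for r in parse_routes(output)
            if r["proto"] == "B" and r["prefix"] == "0.0.0.0/0"]


def selected_default(output):
    """The default route currently selected ('>' flag), or None."""
    for r in parse_routes(output):
        if r["prefix"] == "0.0.0.0/0" and r["selected"]:
            return r
    return None


if __name__ == "__main__":
    for name, sample in [("before", BEFORE), ("after", AFTER)]:
        leaked = bgp_default_routes(sample)
        sel = selected_default(sample)
        print(f"{name}: BGP default routes={len(leaked)}, "
              f"selected default via {sel['proto']} {sel['next_hop']}")
```

Before the filter the script reports one BGP default route (distance 20) alongside the selected static default; after the filter it reports none, and the selected default is still the static route via 10.47.31.254.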