FortiGate
ddabhade
Staff
Article Id 424093
Description This article describes how to use firewall addresses and address groups for BGP network prefix announcements.
Scope FortiGate.
Solution

From FortiOS v7.6.0, firewall addresses and address groups can be used when configuring BGP network prefixes.

 

BGP_TOPOLOGY.png

 

In this example, 'FGT2' advertises the 10.10.10.0/24, 10.10.20.0/24 and 10.10.30.0/24 prefixes to 'FGT1'.
Instead of configuring the three network prefixes individually, an address group is configured on 'FGT2' to announce the networks to BGP.

 

To achieve this, the allow-routing setting must be enabled on the firewall address and the address group. By default, it is disabled. Enable this setting on every firewall address that is to be advertised. Here, it is shown for only one firewall address.

 

Address_config.png

 

Address_group_CLI.png

 

FortiGate firewall address group in the GUI:

 

Address_group.png

 

Configure this address group in BGP:

 

BGP_config.png

 

'FGT1' receives all three prefixes announced with the address group 'IP_Address_Group'.

 

Received Route.png
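
The allow-routing requirement described above is easy to miss on one member of a group. The following check is an added example, not part of the original article or Fortinet tooling: it reads a saved FortiOS configuration and lists the group or members that do not have allow-routing enabled. The sample configuration is constructed, and every object name except 'IP_Address_Group' is an assumption.

```python
import re

# Constructed sample of a FortiOS configuration; object names other than
# 'IP_Address_Group' are assumptions, not taken from the article.
SAMPLE_CONFIG = '''
config firewall address
    edit "NET_10.10.10.0"
        set allow-routing enable
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "NET_10.10.20.0"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "NET_10.10.30.0"
        set allow-routing enable
        set subnet 10.10.30.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "IP_Address_Group"
        set member "NET_10.10.10.0" "NET_10.10.20.0" "NET_10.10.30.0"
        set allow-routing enable
    next
end
'''

def parse_section(config, section):
    """Map object name -> settings for one flat 'config <section>' block."""
    objects, current, inside = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == f"config {section}":
            inside = True
        elif inside and line == "end":  # assumes no nested config blocks
            break
        elif inside and line.startswith("edit "):
            current = objects.setdefault(line[5:].strip('"'), {})
        elif inside and line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value
    return objects

def missing_allow_routing(config, group):
    """List the group and/or members where allow-routing is not enabled."""
    addresses = parse_section(config, "firewall address")
    groups = parse_section(config, "firewall addrgrp")
    names = [group] + re.findall(r'"([^"]+)"', groups[group].get("member", ""))
    merged = {**addresses, **groups}
    return [n for n in names if merged.get(n, {}).get("allow-routing") != "enable"]
```

An object with no allow-routing line is reported because the setting is disabled by default.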