rbarnes
Staff
Article Id 367841

 

Description

This article describes a scenario where a BGP route comes from an unexpected interface. In this scenario, an IPsec VPN tunnel setup with BGP is used.

Scope

FortiGate.

Solution

A BGP route is learned via an unexpected interface. The expected behavior is that the route is listed via the tunnel.

 

For example:

 

get router info routing-table bgp

Routing table for VRF=0

B       192.168.33.0/24 [200/0] via 192.168.194.50 (recursive is directly connected, port3), 00:11:48, [1/0]

 

To fix this issue, run the following commands:

 

config router bgp
    config neighbor
        edit "10.150.70.2"
            set next-hop-self enable
            set remote-as 6520
        next
    end
end

 

This can also be done in the GUI.

 

[Screenshots: bgpunexpectedinterfaceb.png, bgpunexpectedinterface2b.png]

 

After the change, the BGP route is listed via the tunnel:

get router info routing-table all

Routing table for VRF=0

S*      0.0.0.0/0 [10/0] via 10.9.15.254, port1, [1/0]

C       10.9.0.0/20 is directly connected, port1

C       10.150.70.1/32 is directly connected, bgpfun

S       10.150.70.2/32 [5/0] via bgpfun tunnel 192.168.194.50, [1/0]

B       192.168.33.0/24 [200/0] via 10.150.70.2 (recursive via bgpfun tunnel 192.168.194.50), 1d22h28m, [1/0]
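
A check for this condition, as an added example (not part of the original article and not Fortinet code): it parses the two BGP route forms shown in the outputs above and reports routes that do not resolve through the expected tunnel interface. The function names are hypothetical, and the sample text is copied from the article's own outputs.

```python
import re

# "B <prefix> [dist/metric] via <next hop> <rest of line>"
LINE_RE = re.compile(r"^B\S*\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+([\d.]+)(.*)$")
# The two recursive-resolution forms that appear in this article.
DIRECT_RE = re.compile(r"\(recursive is directly connected,\s*([^)\s]+)\)")
TUNNEL_RE = re.compile(r"\(recursive via (\S+) tunnel [\d.]+\)")

# Sample text copied from the article's outputs (before and after the change).
BEFORE = """Routing table for VRF=0
B       192.168.33.0/24 [200/0] via 192.168.194.50 (recursive is directly connected, port3), 00:11:48, [1/0]
"""
AFTER = """Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 10.9.15.254, port1, [1/0]
C       10.150.70.1/32 is directly connected, bgpfun
S       10.150.70.2/32 [5/0] via bgpfun tunnel 192.168.194.50, [1/0]
B       192.168.33.0/24 [200/0] via 10.150.70.2 (recursive via bgpfun tunnel 192.168.194.50), 1d22h28m, [1/0]
"""

def parse_bgp_routes(output):
    """Return BGP routes with the interface their next hop resolves through."""
    routes = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, static or connected route
        prefix, next_hop, rest = m.groups()
        tunnel = TUNNEL_RE.search(rest)
        direct = DIRECT_RE.search(rest)
        if tunnel:
            intf = tunnel.group(1)
        elif direct:
            intf = direct.group(1)
        else:
            intf = None  # form not shown in this article; left for manual review
        routes.append({"prefix": prefix, "next_hop": next_hop, "interface": intf})
    return routes

def off_tunnel_routes(output, expected_tunnel):
    """BGP routes whose resolved interface is not the expected tunnel."""
    return [r for r in parse_bgp_routes(output) if r["interface"] != expected_tunnel]

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, off_tunnel_routes(text, "bgpfun"))
```
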