MichaelTorres
Article Id 393161
Description

This article describes a behavior where the FortiGate Hub does not advertise the routes received from one FortiGate Spoke to the other Spokes.

Scope

FortiGate ADVPN topology.
Solution

The FortiGate Spoke is configured to advertise its routes with no route restrictions:

config router bgp
    set as 64520
    set router-id 10.24.1.42
    set ibgp-multipath enable
    set additional-path enable
        config neighbor
            edit "10.24.1.1"|10.24.2.1 --> 6.1
                set soft-reconfiguration enable
                set remote-as 64520

 

The FortiGate Hub receives the routes but does not advertise them to the other Spokes:

config router bgp
    set as 64520
    set router-id 10.24.6.63
    set ibgp-multipath enable
        config neighbor
            edit "10.24.6.1" | "10.24.2.1"
                set soft-reconfiguration enable
                set remote-as 64520
                set update-source "vpn-internet2"
                set additional-path both

 

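Solution:

The Hub and the Spokes use the same AS (64520), so the sessions are iBGP, and an iBGP speaker does not re-advertise routes learned from one iBGP peer to another iBGP peer unless it acts as a route reflector. In the BGP neighbor configuration on the FortiGate Hub, enable the route reflector feature: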

config router bgp
    config neighbor
        edit "10.24.2.1"
            set route-reflector-client enable
        next
    end
end
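
An added example, not part of the original article and not Fortinet tooling: a Python check that reads the text of a FortiOS configuration backup and lists the iBGP neighbors (remote-as equal to the local AS) that lack "set route-reflector-client enable". The function name and the sample configuration are constructed for illustration, and the check assumes every iBGP neighbor on the Hub is a Spoke.

```python
import re

NEIGHBOR = ["router bgp", "neighbor"]
def ibgp_neighbors_missing_rr(config_text):
    """List iBGP neighbors that lack 'set route-reflector-client enable'."""
    local_as, current = None, None
    neighbors = {}   # neighbor IP -> {setting: value}
    stack = []       # currently open 'config ...' sections
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
            if len(stack) < 2:       # left the neighbor table
                current = None
        elif line == "next" and stack == NEIGHBOR:
            current = None
        elif stack == ["router bgp"] and line.startswith("set as "):
            local_as = line.split()[2]
        elif stack == NEIGHBOR:
            m = re.match(r'edit\s+"?([^"\s]+)"?$', line)
            if m:
                current = m.group(1)
                neighbors[current] = {}
            elif current and line.startswith("set "):
                parts = line.split(None, 2)
                if len(parts) == 3:
                    neighbors[current][parts[1]] = parts[2].strip('"')
    return sorted(ip for ip, s in neighbors.items()
                  if s.get("remote-as") == local_as   # same AS means iBGP
                  and s.get("route-reflector-client") != "enable")

# Constructed Hub configuration using the article's AS and neighbor addresses
SAMPLE_HUB_CONFIG = '''
config router bgp
    set as 64520
    config neighbor
        edit "10.24.2.1"
            set remote-as 64520
            set route-reflector-client enable
        next
        edit "10.24.6.1"
            set remote-as 64520
        next
    end
end
'''
print(ibgp_neighbors_missing_rr(SAMPLE_HUB_CONFIG))
```

Neighbors in a different AS are eBGP peers and are not reported, since the route reflector setting only matters for iBGP sessions.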