Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rosalyn
Staff
Staff

Created on ‎05-21-2022 03:58 AM Edited on ‎08-21-2023 08:57 AM By Moderator

Article Id 212726

Troubleshooting Tip: How to make the BGP received route and redistribution static route show on the routing table at the same time

Description

This article describes how to make the BGP received route and redistribution static route show on the routing table at the same time.
Scope

FortiGate.
Solution

Consider the following network setup:


primary link: network 10.20.30.40/32 -> branch FortiGate (peer ID 10.47.2.97) --> BGP --> Hub FortiGate (peer ID 10.47.1.237) (distance 20)
secondary link: network 10.20.30.40/32 -> branch FortiGate ----> IPsec tunnel kvm22 ----> Hub FortiGate (distance 200)

 

Network 10.20.30.40/32 is the received-routes from bgp neighbors. This network is also the redistribute static route and is advertised to the BGP neighbor.
Both the static route and BGP received-routes must be installed on the routing table and BGP as preferred routes.

 

BGP will consider the redistributed static route preferred to the received routes, so it will not install the learned route into the routing-table.


It is possible to configure the received-route to have higher weight than the advertised-route in order to achieve this.

 

Hub FortiGate BGP output:


get router info bgp neighbors 10.47.2.97 received-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 10.47.3.254 0 0 9225 ? <-/->
*> 10.20.30.40/32 10.47.2.97 0 0 9225 ? <-/-> <----- Weight is 0.

get router info bgp neighbors 10.47.2.97 advertised-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.20.20.20/32 10.47.1.237 32768 0 ? <-/->
*> 10.20.30.40/32 10.47.1.237 32768 0 ? <-/-> <----- Weight is 32768.

 

On the hub, run config the route-map-in and provide a higher weight than 32768.


config router route-map

edit "receivedrouteweight"

config rule

edit 1

set set-weight 40000

next

end

next

end


config router bgp

config neighbor

edit "10.47.2.97"

set soft-reconfiguration enable

set remote-as 9225

set route-map-in "receivedrouteweight"

next

next

end

 

Restart the bgp:

 

execute router clear bgp all

 

Output on routing-table:


get router info routing-table database
B *> 10.20.30.40/32 [20/0] via 10.47.2.97, port1, 00:03:01 <----- Bgp as active route.
S 10.20.30.40/32 [200/0] via 172.16.18.1, kvm22 <----- Ipsec tunnel.
S 10.20.30.40/32 [254/0] is a summary, Null

 

get router info routing-table all
B 10.20.30.40/32 [20/0] via 10.47.2.97, port1, 00:03:48
Labels:
4884
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.