Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
varda
New Contributor

BGP Question

Hey,

 

So we are getting two internet connections (Primary/Secondary) from a Single Service Provider. SP provides a single Public ASN.

He provides two sets of /30 addresses for the two interfaces and a single /29 LAN Subnet.

 

Need to terminate the two links directly on the Fortinet Firewall and configure BGP with the same public ASN number for both the links. How can I do this. ?

 

Thanks a ton. Will be a lot of help if someone throws light.

1 REPLY 1
Yurisk
Valued Contributor

It is actually quite simple of a setup, even if you didn't configure BGP before:

 

  1. Set up Fortigate (FGT) WAN interfaces with relevant /30 IPs and verify the links and IPs work fine - pinging point-to-point, loading line with laptop if it is a new line.
  2. Configure BGP on the FGT

Regarding BGP - as this is a small (/29) pool, it means you are getting Provider Assigned (PA) IPs, not your own AS numbered, so you will have to set on your side Private AS, say 65001. Also, you should ask your provider whether you need to add AS Path prepends for the /29 you advertise via Backup line or they will do this backup/main line manipulation on their side. If they say you should advertise /29 with prepends over the Backup line, this will add route-map config on your FGT. If not - it is the most basic set up at all.

 

E.g. let's say Main Line IP is 12.12.12.1/30 and is set on port1 in FGT,  and Backup line is 13.13.13.1/30 on the port2 in FGT, AS number of your ISP is AS 1680, and you advertise 10.10.10.0/29 which is configured as directly connected on the FGT, then :

 

Interface config:

 

config sys int

edit port1

set ip 12.12.12.1/30

next

edit port2

set ip 13.13.13.1/30

end

 

BGP

 

1. Route-map to add prepends

config router route-map
    edit "prepend-out"
        config rule
            edit 1
                set set-aspath "65001 65001"
            next
        end
    next
end

2. BGP neighboring

 

config router bgp
    set as 65001
    config neighbor
        edit "12.12.12.2"
            set remote-as 1680
            set weight 10
        next
        edit "13.13.13.2"
            set remote-as 1680
            set route-map-out "prepend-out"
        next
    end
    config redistribute "connected"
        set status enable
    end

 

That is it.

 

N.B. Example is taken verbatim from my blog post, there are more case scenarios there https://yurisk.info/2020/05/20/fortigate-bgp-cookbook-of-example-configuration-and-debug/#ee1 

 

 

 

 

 

 

 

 

 

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.