It is actually quite simple of a setup, even if you didn't configure BGP before:
- Set up Fortigate (FGT) WAN interfaces with relevant /30 IPs and verify the links and IPs work fine - pinging point-to-point, loading line with laptop if it is a new line.
- Configure BGP on the FGT
Regarding BGP - as this is a small (/29) pool, it means you are getting Provider Assigned (PA) IPs, not your own AS numbered, so you will have to set on your side Private AS, say 65001. Also, you should ask your provider whether you need to add AS Path prepends for the /29 you advertise via Backup line or they will do this backup/main line manipulation on their side. If they say you should advertise /29 with prepends over the Backup line, this will add route-map config on your FGT. If not - it is the most basic set up at all.
E.g. let's say Main Line IP is 12.12.12.1/30 and is set on port1 in FGT, and Backup line is 13.13.13.1/30 on the port2 in FGT, AS number of your ISP is AS 1680, and you advertise 10.10.10.0/29 which is configured as directly connected on the FGT, then :
Interface config:
config sys int
edit port1
set ip 12.12.12.1/30
next
edit port2
set ip 13.13.13.1/30
end
BGP
1. Route-map to add prepends
config router route-map
edit "prepend-out"
config rule
edit 1
set set-aspath "65001 65001"
next
end
next
end2. BGP neighboring
config router bgp
set as 65001
config neighbor
edit "12.12.12.2"
set remote-as 1680
set weight 10
next
edit "13.13.13.2"
set remote-as 1680
set route-map-out "prepend-out"
next
end
config redistribute "connected"
set status enable
end
That is it.
N.B. Example is taken verbatim from my blog post, there are more case scenarios there https://yurisk.info/2020/05/20/fortigate-bgp-cookbook-of-example-configuration-and-debug/#ee1
