Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jfgagnon
New Contributor II

Juniper to Fortigate BGP

Hello!

 

I'm trying to migrate from Juniper to fortigate and I have a hard time configuring BGP to work as the same way from Juniper to Fortigate,

 

Mainly to have the following settings in the Fortigate:

- neighbor 2.2.2.1 { - local-address 2.2.2.2;

- authentication-key "blabla2";

 

 

What would be the equivalent in Fortigate OS ?

 

 

Juniper config::

protocols { bgp { traceoptions { file bgp size 10m; } local-as 12345; group ISP1{ neighbor 1.1.1.1 { local-address 1.1.1.2; authentication-key "blabla1";

peer-as 55444; } } group ISP2{ neighbor 2.2.2.1 { local-address 2.2.2.2;

authentication-key "blabla2";

peer-as 44555 } } } stp; }

 

Thanks for your help !

3 Solutions
emnoc
Esteemed Contributor III

Easy

 

 

config router BGP

set as 12345

config neighbor

edit “2.2.2.1”

set remote-as 44555

set password BlahBlah

next end

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
Toshi_Esumi
Esteemed Contributor III

I don't think you can configure "local-address" though. It's decided by the interface the neighbor is connected on. 

View solution in original post

emnoc
Esteemed Contributor III

Not correct.

 

 

I believe the option exist as  "set update-source  interfacename"  and per neighbor, but I'm right in  front of FGT at this time to check.

 

ken

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
8 REPLIES 8
emnoc
Esteemed Contributor III

Easy

 

 

config router BGP

set as 12345

config neighbor

edit “2.2.2.1”

set remote-as 44555

set password BlahBlah

next end

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Toshi_Esumi
Esteemed Contributor III

I don't think you can configure "local-address" though. It's decided by the interface the neighbor is connected on. 

emnoc
Esteemed Contributor III

Not correct.

 

 

I believe the option exist as  "set update-source  interfacename"  and per neighbor, but I'm right in  front of FGT at this time to check.

 

ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Toshi_Esumi
Esteemed Contributor III

All right, Ken is right.

 

xxxx-fg1 (xx.xx.xx.xx) # get | grep update- update-source       :

jfgagnon

So it would look something like this??

 

config router BGP set as 12345 config neighbor

edit “1.1.1.1” set remote-as 55444 set password blabla1 set local-address 1.1.1.2 next

edit “2.2.2.1” set remote-as 44555 set password blabla2 set local-address 2.2.2.2 next

end

Toshi_Esumi
Esteemed Contributor III

Yes, although I haven't used local-address before. I know you know how to find these commands but for debugging/troubleshooting you can use:

"get router info bgp ?"

And almost all BGP related commands are underneath it.

For cleaing BGP:

"exe router clear bgp ?"

 

Toshi_Esumi
Esteemed Contributor III

It would be more helpful if I showed where in the hierarchy I executed above command.

 

xxxx-fg1 # config router bgp xxxx-fg1 (bgp) # config neighbor xxxx-fg1 (neighbor) # edit xx.xx.xx.xx

jfgagnon
New Contributor II

a

Labels
Top Kudoed Authors