Hi all, I'm trying to advertise some prefixes to my ISP using BGP but don't see any messages originating from the Fortigate to the ISP.
The ranges are in my routing table either as a static route or connected range. I've been following a few examples from the documentation but always end up with:
fg01 (root) # get router info bgp neighbors 162.57.210.17 advertised-routes
% No prefix for neighbor 162.57.210.17
Current configuration is as follows:
config router prefix-list
    edit "all_prefixes"
        config rule
            edit 1
                set prefix 78.121.89.0 255.255.255.0
                unset ge
                unset le
            next
            edit 2
                set prefix 78.121.88.128 255.255.255.192
                unset ge
                unset le
            next
        end
    next
end
config router route-map
    edit "Filter_route"
        config rule
            edit 1
                set match-ip-address "all_prefixes"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end
config router bgp
    set as 64761
    set router-id 162.57.210.18
    set ebgp-multipath enable
    set graceful-restart enable
    config neighbor
        edit "162.57.210.17"
            set prefix-list-out "all_prefixes"
            set remote-as 1518
        next
    end
    config network
        edit 1
            set prefix 78.121.89.0 255.255.255.0
        next
        edit 2
            set prefix 78.121.88.128 255.255.255.192
        next
    end
    config redistribute "connected"
        set status enable
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
        set status enable
        set route-map "Filter_route"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
Any suggestions would be very much appreciated.
Hello,
First, you don't need to filter routes under "redistribute static" as you are filtering them on neighbor level. But that's just cosmetic.
To your problem. Start from the beginning:
- Remove any filter and see if you are sending prefixes to the neighbor.
- Then verify that the prefix-list used for filtering is matching exactly the prefix+mask that you have in your routing-table.
- After every change you make, soft-clear the BGP session:
exec router clear bgp all soft
If you will have the same problem after you will prefix-list, you can enable BGP debug, hard clear BGP and see what FGT is doing with routes:
diag ip router bgp all en
diag ip router bgp nsm enable
diag ip router bgp level info
diag debug en
Thank you very much. Removed the route-map and learned via debugging that upstream required an MD5 password. Quite new to Fortigate and it's great to find an active community forum.
Hello,
To advertise a prefix, it must be active in the routing table exactly as it was defined under 'config network'.
If you want to advertise the prefix without taking the above comment into consideration, add:
config router bgp
...
set network-import-check disable
...
end
And, as Adrian pointed out above, try to avoid redistributing static; it could be a headache in the future.
regards
/ Abel
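The exact-match requirement both replies describe (prefix plus mask active in the routing table, and matched by a prefix-list whose ge/le are unset) can be checked offline before touching the session. This is an added example, not part of any post in this thread and not Fortinet code: the routing-table entries are constructed, the function names are hypothetical, and it goes beyond the thread by also handling ge/le, assuming conventional prefix-list semantics.

```python
import ipaddress

def net(addr, mask):
    """Build a network from FortiOS 'set prefix <addr> <mask>' notation."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def prefix_list_permits(rules, candidate):
    """With ge/le unset a rule matches only the identical prefix and length.
    ge/le handling follows conventional prefix-list semantics (assumption)."""
    for rule in rules:
        base, ge, le = rule["prefix"], rule.get("ge"), rule.get("le")
        if ge is None and le is None:
            lo = hi = base.prefixlen
        else:
            lo = ge if ge is not None else base.prefixlen
            hi = le if le is not None else base.max_prefixlen
        if candidate.subnet_of(base) and lo <= candidate.prefixlen <= hi:
            return True
    return False

def audit(networks, rib, rules, import_check=True):
    """For each 'config network' prefix, report why it would or would not be sent.
    import_check models 'set network-import-check' from the reply above."""
    report = {}
    for n in networks:
        in_rib = n in rib
        permitted = prefix_list_permits(rules, n)
        report[str(n)] = {
            "exact_in_rib": in_rib,
            # A covering route is not enough; it explains a near miss.
            "covered_by": [str(r) for r in rib if r != n and n.subnet_of(r)],
            "permitted_out": permitted,
            "advertise": (in_rib or not import_check) and permitted,
        }
    return report

# Prefixes from the posted configuration ('config network' and "all_prefixes").
NETWORKS = [net("78.121.89.0", "255.255.255.0"),
            net("78.121.88.128", "255.255.255.192")]
RULES = [{"prefix": n} for n in NETWORKS]
# Constructed routing table: the second range exists only as a /25, not the /26.
RIB = {ipaddress.ip_network("78.121.89.0/24"),
       ipaddress.ip_network("78.121.88.128/25"),
       ipaddress.ip_network("162.57.210.16/30")}

if __name__ == "__main__":
    for prefix, status in audit(NETWORKS, RIB, RULES).items():
        print(prefix, status)
```

Keeping the outbound prefix-list at exact length also means more-specific routes inside the same ranges are never announced to the ISP by accident.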