Hi,
I'm running a 600e appliance in my main branch.
All branches connected with MPLS and doing NAT to the internet from the main branch.
Last week I configured BGP with my ISP and advertised all the local subnets in my MPLS topology, and so far everything works fine.
The ISP just installed a secondary backup link for the BGP and another pair of IP addresses (customer IP, and ISP neighbour IP for me to set).
I'd like to know how I should configure the backup BGP link; I want to make sure the Fortigate uses only the primary link when they are both available.
I suppose I have to change costs or something?
Very much appreciated,
Thanks.
I'm assuming you're running BGP on MPLS side only. There are multiple ways to choose from BGP attributes to differentiate multiple paths, but it has to be supported/passed through by your MPLS network provider. You have to ask them what can work with them.
But the most common way is using communities: advertising community:1 (or no community) on the primary, then community:2 on the secondary. The receiving side sets local-preference higher (default is 100) on community:1 (or no community) routes, then sets a lower local-preference (like 99) on community:2 routes, so that the primary routes are always preferred.
There are many examples if you search on the internet. Even examples for other types of routers would be applicable after you translate the syntax to FortiGate's. It's that common to use BGP for this purpose.
Again, you need to ask your provider if they can pass community through their network. Some of them don't pass them on their edge routers.
Toshi
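The community scheme described in the answer above, as an added Python model (not part of the original post and not FortiGate configuration): it tags announcements per link, applies the receiver's community-to-local-preference policy, and shows what happens when the provider edge strips communities. The ASN 64512, the prefix, the peer addresses and the community values are constructed, and the best-path logic is a simplification that stands in for the full BGP decision process.

```python
# Added illustration: simplified model of community-based path preference.
# All ASNs, prefixes, peer addresses and community values are constructed.
from dataclasses import dataclass, replace
import ipaddress

DEFAULT_LOCAL_PREF = 100
PRIMARY_TAG = "64512:1"   # constructed community for the primary link
BACKUP_TAG = "64512:2"    # constructed community for the backup link
# Receiver's inbound policy: community -> local-preference (values from the post)
LOCAL_PREF_BY_COMMUNITY = {PRIMARY_TAG: 100, BACKUP_TAG: 99}

@dataclass(frozen=True)
class Route:
    prefix: str
    peer: str                 # neighbor address the route was learned from
    as_path: tuple
    communities: frozenset = frozenset()
    local_pref: int = DEFAULT_LOCAL_PREF

def advertise(prefix, links_up):
    """Advertising side: one announcement per live link, tagged by link role."""
    links = {"primary": ("198.51.100.9", PRIMARY_TAG),
             "backup": ("198.51.100.5", BACKUP_TAG)}
    return [Route(prefix, links[n][0], (64512,), frozenset({links[n][1]}))
            for n in links_up]

def provider_edge(routes, passes_communities):
    """Some provider edges strip communities before any policy can match them."""
    if passes_communities:
        return routes
    return [replace(r, communities=frozenset()) for r in routes]

def inbound_policy(route):
    """Receiving side: lowest mapped value among matching communities, else default."""
    matched = [LOCAL_PREF_BY_COMMUNITY[c] for c in route.communities
               if c in LOCAL_PREF_BY_COMMUNITY]
    return replace(route, local_pref=min(matched, default=DEFAULT_LOCAL_PREF))

def best_path(routes):
    """Simplified: highest local-pref, then shortest AS path, then lowest peer address."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path),
                                      int(ipaddress.ip_address(r.peer))))

def selected_peer(links_up, passes_communities):
    """Peer address of the path the receiver ends up using for the test prefix."""
    received = provider_edge(advertise("203.0.113.0/24", links_up), passes_communities)
    return best_path([inbound_policy(r) for r in received]).peer
```

With communities stripped, both paths keep the default local-preference of 100 and the choice falls to later tie-breakers, which in this constructed case select the backup peer.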