Gentry38
New Contributor

Configuring BGP with 80F

We are using Cisco routers for all our sites' BGP (MPLS via Lumen), and we're in the process of using the 80F to handle the BGP routing. We've never had any significant issues with the current network setup, but we need to decomm the Cisco due to EOL, and we don't want to spend more $$ if the 80F can handle the BGP routing. Has anyone had experience with FortiGate's BGP option? I have questions, and I would greatly appreciate any feedback. Also, we plan to replace our Cisco switches with FortiSwitch 248E-FPOE to centralize management.


  1. What is the router ID in Network > BGP? Is this just an arbitrary, unique ID I assign to the 80F?
  2. Some tutorials advertise the BGP IP subnet, and others only advertise the internal subnet. Which subnets do I advertise? 
  3. For voice traffic, ours is currently configured to route directly to the RingCentral data centers, with failovers also configured. But in the event of a complete outage (which happened 2x), how do I route the voice traffic to the internet (we know it's best-effort and not ideal)? Do I set up SDWAN for this?

Thanks


Jan Santiago
funkylicious
SuperUser

1. https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-check-the-BGP-router-id-using-the-C...

2. If you already have a BGP setup on Cisco, you should create a similar config on the FGT.

3. You maintain your current setup. I'm sure that any config you have for voice you can replicate on the FGT.

"jack of all trades, master of none"
Gentry38

Thanks for the feedback.

Jan Santiago
Toshi_Esumi
SuperUser

1. The router ID is not bound to any hardware. You just name it whatever you want; you just want to make it unique in your BGP network.

2. If you search through the internet, you would find examples like this easily.

https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/763341/basic-bgp-example

3. That depends on what "complete outage" means. What do you have with Cisco now? Do you have multiple ISP internet circuits in addition to the Lumen MPLS circuit?

FGT's BGP functions are (I'm guessing) copied from Cisco's. It behaves in the same way as Cisco for the most part, compared to other vendors like Juniper. You would find the equivalent of the CLI commands you're using in Cisco when you google something like "FortiGate equivalent Cisco CLI <command_line>".

Toshi

Gentry38

Thanks for the feedback. 


For #3, yes, one of our sites (not all) has multiple ISPs. What I meant by "complete outage" was that the MPLS circuit went down completely (Lumen's equipment failed), RC's failover never occurred, but the ISP remained up. In this scenario, do I set up SD-WAN to route voice traffic to the internet?

Jan Santiago
Toshi_Esumi

You said "route directly to the RingCentral data centers". Did you mean there is a direct VPN from the Lumen MPLS network into the RC datacenters? If that's the case, changing the path to go over the internet might not work. It's a question for RingCentral, first.

If the RC side is OK with changing the source IP to another one from the local ISPs, you must have a setup for the routes to the RC DC subnets to disappear from the Lumen-advertised BGP routes. My guess is that part is not working. That should be enough to fail over to the local ISP's default route. Changing the Cisco router to an FGT wouldn't change that fail-over setting. You have to fix the current fail-over problem first.

Toshi

Gentry38

That is correct. We have a direct VPN from Lumen to RC data centers (west coast offices connect to the San Jose DC, and if there is an outage, traffic will be rerouted to the Virginia DC -- same/vice versa for our Midwest and east offices). To add, we have an isolated network (DIA only) with no direct route to the RC DCs. If I connect a phone (pre-configured with our settings), it will auto-provision and connect to the RC servers, and calls are routed to the internet.

I was kinda hoping SD-WAN could be configured to monitor links to the San Jose and Virginia DCs and, in the event of a complete outage, route voice traffic to the internet and fail back once the MPLS is back up.


Thanks again for replying. I'm new to the FortiGate world, and I'm open to any suggestions or feedback.

Jan Santiago
Toshi_Esumi

As you just said, the fail-over from SJC to VA is done by BGP through/inside the Lumen MPLS network. And those routes should be advertised to each location over BGP. When both fail, those BGP routes should disappear from the MPLS-advertised routes, and each location can fail over to the local internet by following the default route(s) to the local ISP(s).

Did you confirm that's not what's happening when the MPLS circuit goes down? It should happen without SD-WAN or whatever method you want to try. Or, if the BGP routes don't disappear, even SD-WAN wouldn't do anything you're hoping for.

I think you need to take the MPLS circuit down in a maintenance window and see why that fail-over to the ISP doesn't work. My guess is it's working, but RC isn't recognizing or accepting the phone re-provisioning/relocation over the ISP(s).

Toshi
