Hi,
I am looking to increase security for my BGP setup and found validated ROA payload, which can make a BGP announcement Valid or Invalid. Is this something that can be configured/done in FortiGate? I hope you can share official links about it.
Valid ROA links:
Using RPKI Data — RPKI documentation
Validated ROA Payload - Glossary | CSRC (nist.gov)
Thank you!
Hello heyyo
Unfortunately AFAIK, this feature (RPKI validation) is not -yet- available in FortiOS's BGP implementation.
Maybe this could be an opportunity to file a feature request with your local SE. I'll do it again with mine.
There are other vendors with that feature available today: Cisco, Juniper, even MikroTik, etc.
RIRs (unless in our zone - LACNIC -) are pushing and encouraging ISPs and resource owners to deploy RPKI to validate their ROAs.
regards
/ Abel
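
How a validated ROA payload (VRP) makes an announcement Valid or Invalid, sketched as the RFC 6811 origin-validation check. This is an added example, not code from any poster or from Fortinet; the `VRP` tuple, `validate_origin` function and the sample VRPs (documentation prefixes and ASNs) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class VRP(NamedTuple):
    prefix: str       # prefix authorised by the ROA
    max_length: int   # longest prefix length the ROA permits
    asn: int          # authorised origin AS (0 means "no AS may originate")

# Constructed sample VRPs: documentation prefixes and documentation ASNs.
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),      # AS0 ROA: prefix must not be routed
]

def validate_origin(route_prefix: str, origin_asn: Optional[int],
                    vrps=SAMPLE_VRPS) -> str:
    """Classify a BGP route as 'valid', 'invalid' or 'not-found' (RFC 6811).

    origin_asn is the rightmost AS in the AS_PATH; pass None when the
    origin cannot be determined (for example an AS_SET).
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route only if the route sits inside the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: same origin AS (never AS0) and route no longer than maxLength.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: not-found (no ROA exists for this space).
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496),     # matches the ROA
                        ("192.0.2.0/24", 64511),     # wrong origin AS
                        ("192.0.2.128/25", 64496),   # longer than maxLength
                        ("198.51.100.0/24", 64496)]: # no covering ROA
        print(f"{prefix} from AS{asn}: {validate_origin(prefix, asn)}")
```

On routers that support this check, the resulting state is typically consumed by import policy, for example rejecting `invalid` routes while still accepting `not-found` ones.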
Hi Guys,
I just want to revisit this because I am also looking to increase the security for our BGP AS with this feature.
If FortiGate doesn't have this feature, should we ask the ISP if this is the case on their side?
Is there something similar to this feature we could try to implement on the BGP?
Hello stevenp
Do you own your public /24 block or more? And do you use it for peering or transit?
If so, contact your local RIR where you get your IP blocks; each RIR provides mechanisms and tools to prevent BGP hijacking, etc.
If not, your ISP is the one responsible for taking care of their public IP blocks with RPKI validation, setup of ROAs, etc.
Hope it helps,
regards
/ Abel