FortiGate Valid ROA for BGP
Hi,
I am looking to increase security for my BGP setup and found validated ROA payload, which can make a BGP announcement Valid or Invalid. Is this something that can be configured/done in FortiGate? I hope you can share official links about it.
Valid ROA links:
Using RPKI Data — RPKI documentation
Validated ROA Payload - Glossary | CSRC (nist.gov)
Thank you!
Hello heyyo
Unfortunately AFAIK, this feature (RPKI validation) is not -yet- available in FortiOS's BGP implementation.
Maybe this could be an opportunity to file a feature request with your local SE. I'll do it again with mine.
There are other vendors with that feature available today: Cisco, Juniper, even MikroTik, etc.
RIRs (unless in our zone - LACNIC -) are pushing and encouraging ISPs and resource owners to deploy RPKI to validate their ROAs.
regards
/ Abel
Hi Guys,
I just want to revisit this because I am also looking to increase the security for our BGP AS with this feature.
If FortiGate doesn't have this feature, should we ask the ISP if this is the case on their side?
Is there something similar to this feature we could try to implement on the BGP?
Hello stevenp
Do you own your public /24 block or more, and use it for peering or transit?
If so, contact your local RIR where you get your IP blocks; each RIR provides mechanisms and tools to prevent BGP hijacking, etc.
If not, your ISP is responsible for taking care of their public IP blocks with RPKI validation, setup of ROAs, etc.
Hope it helps,
regards
/ Abel
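
The thread asks how a validated ROA payload (VRP) makes a BGP announcement Valid or Invalid. The sketch below is an added example, not part of the thread and not FortiOS code: it applies the RFC 6811 origin-validation rules to constructed VRPs built from documentation prefixes and ASNs. The names `VRP`, `SAMPLE_VRPS`, `validate` and `filter_announcements` are hypothetical, and the "drop Invalid, keep the rest" import policy is an assumption.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    prefix: str       # prefix authorised by the ROA
    max_length: int   # longest prefix length the ROA permits
    asn: int          # authorised origin AS (0 = no AS may originate this)


# Constructed sample VRPs using documentation prefixes and ASNs (not real data).
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),
]


def validate(prefix: str, origin_asn: int, vrps=SAMPLE_VRPS) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route is equal to or more specific than it.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match needs the same origin AS (AS 0 never matches) and a length within maxLength.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "Valid"
    # Covered but never matched: wrong origin AS or a too-specific prefix.
    return "Invalid" if covered else "NotFound"


def filter_announcements(announcements, vrps=SAMPLE_VRPS):
    """Drop Invalid routes; keep Valid and NotFound (import policy assumed for this example)."""
    return [(p, a) for p, a in announcements if validate(p, a, vrps) != "Invalid"]


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    constructed = [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                   ("192.0.2.128/25", 64496), ("198.51.100.0/24", 64496),
                   ("2001:db8:1::/48", 64497), ("203.0.113.0/24", 64496)]
    for p, a in constructed:
        print(f"{p:20} AS{a:<6} {validate(p, a)}")
```

A more-specific announcement such as the /25 is Invalid even from the authorised AS, because the ROA's maxLength is 24; a prefix with no covering VRP is NotFound rather than Invalid.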