Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heyyo
New Contributor III

FortiGate Valid ROA for BGP

Hi,

 

I am looking to increase security for my BGP set up and found validated ROA payload, which can make a BGP announcement Valid or Invalid. Is this something that can be configured/done in FortiGate? I hope you can share official links about it.

 

Valid ROA links:

Using RPKI Data — RPKI documentation

Validated ROA Payload - Glossary | CSRC (nist.gov)

 

Thank you!

 

 

3 REPLIES 3
abelio
SuperUser
SuperUser

Hello heyyo
Unfortunately AFAIK, this feature (RPKI validation) is not -yet- available in FortiOS's BGP implementation.

Maybe this could be an opportunity to fill a request for feature with your local SE.   I'll do it again with mine.


There're another vendors with that feature available today, cisco, juniper, even mikrotik, etc. 

 

RIRs (unless in our zone - LACNIC-) are pushing and encouraging to ISPs and resource owners to deploy RPKI to validate theirs ROAs,

 

 

 

 

regards




/ Abel

regards / Abel
stevenp
New Contributor

Hi Guys,

I just want to revisit this because I am also looking to increase the security for our BGP AS with this feature.

 

If Fortigate don't have this feature, should we ask the ISP if this is the case on their side?

Is there something similar to this feature we could try implement on the BGP?

abelio

Hello stevenp

 

Do you own your public /24  block or more?  and use it doing peering or transit?

If so,  contact your local RiR where you get your IP blocks; each RiR provides mechanisms and tools to prevent BGP hijacking, etc

If not, is your ISP the responsible of take care of their public IP blocks with RPKI validation, setup of ROAs etc.

 

Hope it helps,

 

regards




/ Abel

regards / Abel
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors