That makes sense, just add another IP address to the WAN port to allow traffic to communicate. However, to get multihop working you ussually have to setup an update source. The CLI only allows me to select a port and not an IP. Is that an issue?

No the ebgp multihop and udate-source is per peer neighbor. If you use the external interface in your config, you don' t need to set update-source. If you use a loopback interface or some other internal interface than you must set the update-source to that interface. I would review bgp best-practices information on multi-hop and update-source, since 2 two items are NOT directly related to some degree. I work in a multi-access provider realm and we have hundreds if not closer to a thousand of bgp peers for our customer and upstreams. Almost all of our upstreams are source' d from loopbacks and the downstreams are source from that physical interface for that customer ( frame-relay, gre, ethertnet ) The eBGP-multi-hop is needed, when your peer is not on a directly-connected network. That' s all that that means. update-source just sets the update-source for that " neighbor" , almost always used when sourc' ing the tcp/179 session from a loopback.

I have a turn up call with the ISP next week. I' ll follow your advice and hopefully I can get it working that way. Thanks for info. I appreciate the help.

I am doing something wrong with my BGP setup. When I attempt to traceroute to my unit I get a routing loop between teh fortigate unit and my ISP. For some reason the Fortigate unit keeps routing the request back out again. Any ideas? Here is my BGP config: config router bgp set as AAAAA config neighbor edit " 2001:xxxx::1" set ebgp-enforce-multihop enable set remote-as BBBB set weight 200 next end config network6 edit 1 set prefix6 2620:xxxx::/48 next end set router-id C.C.C.C end ------------------------------- Interface Config: config system interface edit " wan1" set vdom " root" set ip x.x.x.x x.x.x.x set allowaccess ping https ssh set log enable set type physical set alias " 20mbps" config ipv6 set ip6-address 2620:xxxx::1/128 (Part of Announced IPv6 Address) set ip6-allowaccess ping https ssh config ip6-extra-addr edit 2001:xxxx:2222::2/64 next end end next end ------------------------------- Static Config: config router static6 edit 1 set device " wan1" set dst 2001:xxxx:1111::1/64 set gateway 2001:xxxx:2222::1 next end

If it' s a routing loop, you will need to get traces from the next-hop-gw. On your static routes, I would expect to see a /128 to the address of the bgp peer ( your ipv6 address for remote-as bbbb ) . i.e Static Config: config router static6 edit 1 set device " wan1" ! ! this should be the BGP ipv6 peer that your peering with ! set dst 2001:xxxx:1111::1/64 set gateway 2001:xxxx:2222::1 next end I have a hunch the address that you using is not the one they are expecting and the static route and the prefix your is statically routed by the carrier . A tcpdump as shown below, would confirm this. Outside of the above, it should be straight forward. I' m really surprise they don' t give you a /127 for peering between your AS-AAAA and AS-BBBB . Something like this; 2001:418:x:x::2C2/127 btw: on how you set the update source; you apply the set update-source under each neighbor. Make sure you diag packet sniffer traffic between the 2 peers that your expecting traffic for ( tcp and port 179 ).