Hi Team,
i am currently on the testing configuration for SD-WAN using IPSec tunnel and configure the iBGP routing.
i am not experienced with Forti SDWAN, so the image below is my topology :
WAN using static ip public.
if i am using static route
ISP 1 /28 same subnet and ISP 2 /29 same subnet.
destination 192.168.x.0/24 via interface SDWAN, from port.7 Site A can ping to port.7 Site B.
ipsec tunnel and sdwan status is up.
and then i want to change the routing from static route to iBGP routing. but i dont get the routing table for BGP.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Dz,
Can you check and make sure BGP peering is up? Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-tips-for-FortiOS-routing-RIP-OSPF-BGP-st...
Regards,
Hi @hbac ,
below the summary bgp routing, currently my configuration stuck on Active state.
Site-Branch-A (root) # get router info bgp summary
VRF 0 BGP router identifier 10.10.20.1, local AS number 65000
BGP table version is 1
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.20.2 4 65000 0 0 0 0 0 never Active
10.10.30.2 4 65000 0 0 0 0 0 never Active
Total number of neighbors 2
Hi @Dz ,
Please make sure you configure the local and remote IPs on the Tunnel interface, i.e.:
config system interface
edit "Tunnel-ISP-X"
set vdom <VDOM-name>
set ip <local-IP> 255.255.255.255 #<----make sure to set this
set type tunnel
set remote-ip <remote-IP> #<----make sure to set this
set interface <physical-interface>
next
end
Please also make sure you can ping the remote BGP peer using the correct source IP ("exec ping-options source <local-IP>" and "exec ping <remote-IP>").
You can also run a packet sniffer in CLI (in VDOM context) to see if you send/receive ICMP or BGP packets ("diag sniffer packet any 'host x.x.x.x and (proto 1 or port 179)' 4 0 l" ).
For further info, please refer to the following article:
https://community.fortinet.com/t5/FortiGate/Technical-Note-Dynamic-routing-BGP-over-IPsec-tunnel/ta-...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.