Monthly Archives: January 2014

Dynamic Routing BGP Configuration for FortiGate

Hello All,

After switching from static routing to dynamic routing with OSPF, the next step is to create redundancy in case one of the OSPF neighbors goes down.

The problem is that with our FortiGate we could not achieve OSPF redundancy with the network routers or L3 devices, so we switched to BGP and had success with it.

The architecture is as below: two Juniper MX960 routers and a FortiGate 3600C firewall box. The FortiGate outside interface and one interface from each router are on the same network, for example a /29: MX960-1 xxx.yyy.zzz.1/29, MX960-2 xxx.yyy.zzz.2/29 and the FG3600C

We also have an additional inside network behind which the servers sit, for example ttt.yyy.zzz.0/24.

You have to get this information from the network guys; they also have to provide the AS number, which we will use in our configuration.


You can do 90% of the configuration from the GUI, but some of it may need the CLI.

On the FortiGate we are using firmware 5.x, and the configuration is done under one of the VDOMs. You can reach the screens from Virtual Domains: go under the related VDOM, open Router, then Dynamic, then the BGP section. You can see everything on one screen 😀

[Screenshot taken 2014-01-08: the Router > Dynamic > BGP screen of the VDOM]

Set Local AS to the value your network guys provided.
Router ID will be your outside interface IP address. The neighbors (peers) in my example are the two MXs, xxx.yyy.zzz.1 and xxx.yyy.zzz.2.
No need to set Networks, because I will configure the FortiGate to advertise all of my connected interfaces. If you prefer, you can instead add the network you want to advertise here, for example ttt.yyy.zzz.0/24, and skip redistributing connected interfaces from the CLI.

Now switch to the FortiGate CLI, enter the BGP configuration of your VDOM (replace VDOM1 with the name of your VDOM) and enable redistribution of connected networks:

config vdom
    edit VDOM1
        config router bgp
            config redistribute connected
                set status enable
            end
        end
    end
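For reference, here is the whole BGP setup from this post done from the CLI in one go, as an added example that is not from the original post or from Fortinet's documentation. It sets the local AS, the router ID and the two MX neighbors (the parts the post does from the GUI), enables redistribution of connected networks, and shows the keepalive/hold timers you may want to shorten when testing failover. The AS numbers 65000 (FortiGate side) and 65001 (MX side), the VDOM name VDOM1 and the outside-interface IP placeholder are assumed sample values, not from the post; lines starting with # are explanatory comments for the reader and should be dropped when pasting. The commented-out config network block is the alternative if you want to advertise only ttt.yyy.zzz.0/24 instead of all connected networks.

```fortios
config vdom
    edit VDOM1
        config router bgp
            # Local AS from the network team (65000 is a sample private ASN)
            set as 65000
            # Router ID: the FortiGate outside-interface address (placeholder)
            set router-id <fortigate-outside-ip>
            # Defaults are 60 s keepalive / 180 s hold; shorter values make the
            # FortiGate notice a dead MX sooner at the cost of more BGP traffic
            # and a higher risk of flapping on a lossy link. Agree them with
            # the router side first and keep hold at least 3x keepalive.
            set keepalive-timer 10
            set holdtime-timer 30
            # One neighbor per MX960, both in the same remote AS (sample ASN)
            config neighbor
                edit "xxx.yyy.zzz.1"
                    set remote-as 65001
                next
                edit "xxx.yyy.zzz.2"
                    set remote-as 65001
                next
            end
            # Advertise every connected network, as the post does ...
            config redistribute connected
                set status enable
            end
            # ... or, instead of the block above, advertise only the inside
            # /24 the servers sit behind:
            # config network
            #     edit 1
            #         set prefix ttt.yyy.zzz.0 255.255.255.0
            #     next
            # end
        end
    end
```

After applying it, the commands listed below (get router info bgp neighbors and get router info routing-table details) should show both MXs in the Established state and the /29 and inside networks learned from both peers; pulling one MX interface should then move the next hop to the other MX within roughly the hold time.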


Also, in our setup the network guys additionally configured next-hop-self; a good post about it can be found at this link.

Some useful commands:

Check the neighbors:

get router info bgp neighbors

See which next hop is used for a given network:

get router info bgp network

See the routing table:

get router info routing-table details

Don’t forget to test failover scenarios, because BGP convergence time can be slow and you may need to play with the timers; a good explanation of this in the Cisco community may help you.

Take care