Dynamic Routing BGP Configuration for FortiGate
After switching from static routing to dynamic routing with OSPF, the next level is to create redundancy in case one of the OSPF neighbors goes down.
The problem is that with our FortiGate we could not achieve OSPF redundancy with the network routers or L3 devices, so we switched to BGP and succeeded with it.
The architecture is as below: two Juniper MX960 routers and a FortiGate 3600C firewall. The FortiGate outside interface and one interface from each router are on the same network, for example a /29: MX960-1 xxx.yyy.zzz.1/29, MX960-2 xxx.yyy.zzz.2/29 and FG3600C xxx.yyy.zzz.3/29.
We also have an additional inside network, behind which the servers sit, for example ttt.yyy.zzz.0/24.
You have to get this information from the network team; they also have to provide the AS number, which we will use in our configuration.
You can do 90% of the configuration from the GUI; a little may still be needed via the CLI.
On the FortiGate we are using firmware 5.x, and the configuration is done under one of the VDOMs. You can reach the screens from Virtual Domains: go into the related VDOM, open Router, then Dynamic, then the BGP section. You can see everything on one screen 😀
Set Local AS to what your network team provided.
Router ID will be your outside interface IP address, in our example xxx.yyy.zzz.3. Neighbors will be the peers; in my example they are the two MXs, xxx.yyy.zzz.1 and xxx.yyy.zzz.2.
No need to set Networks, because I will configure it to advertise all my connected interfaces. But if you want, you can add the network you want to advertise instead of redistributing connected interfaces; for example, you can add ttt.yyy.zzz.0/24.
Now switch to the FortiGate CLI, enter the BGP configuration of your VDOM (VDOM1 here; choose your own) and enable redistribution of connected routes:
config vdom
    edit VDOM1
        config router bgp
            config redistribute connected
                set status enable
            end
        end
    next
end
Also, in our configuration the network team additionally configured next-hop-self; a good post about it can be found at this link.
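For reference, here is the complete CLI equivalent of the GUI steps (Local AS, Router ID, the two neighbors) together with the redistribute setting, as an added example that is not the configuration from the original post. The AS numbers (65001 for the FortiGate, 65000 for the MX routers), the VDOM name VDOM1 and the keepalive/hold timer values are assumptions; replace the xxx.yyy.zzz placeholders with the real /29 addresses your network team gave you.

```text
# Added example, not the original post's configuration.
# Assumed values: local AS 65001, MX960 routers in AS 65000, VDOM named VDOM1.
config vdom
    edit VDOM1
        config router bgp
            set as 65001
            set router-id xxx.yyy.zzz.3
            config neighbor
                edit "xxx.yyy.zzz.1"
                    set remote-as 65000
                    set next-hop-self enable
                    # assumed timers; tune them after testing failover
                    set keep-alive-timer 10
                    set holdtime-timer 30
                next
                edit "xxx.yyy.zzz.2"
                    set remote-as 65000
                    set next-hop-self enable
                    set keep-alive-timer 10
                    set holdtime-timer 30
                next
            end
            # advertise every connected interface network
            config redistribute connected
                set status enable
            end
        end
    next
end
```

If you prefer to advertise only the inside network instead of all connected interfaces, leave the redistribute block out and add the prefix under config network (set prefix ttt.yyy.zzz.0 255.255.255.0); either way, confirm both sessions come up with the commands listed below before you rely on the redundancy.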
Some useful commands:
Check the neighbors:
get router info bgp neighbors
See which next hop is used for a given network:
get router info bgp network
See the routing table:
get router info routing-table details
Don't forget to test failover scenarios, because BGP convergence time can be slow and you may need to play with the timers; a good explanation about it in the Cisco community may help you.
Take care