Dynamic Routing BGP Configuration for FortiGate

Hello All,

After switching from static routing to dynamic routing with OSPF, the next step is to create redundancy in case one of the OSPF neighbors goes down.

The problem is that with our FortiGate we could not achieve OSPF redundancy with the network routers or L3 devices, so we switched to BGP, and that worked.

The architecture is as below: two Juniper MX960 routers and a FortiGate 3600C firewall. The FortiGate outside interface and one interface from each router are on the same network, for example a /29: MX960-1 xxx.yyy.zzz.1/29, MX960-2 xxx.yyy.zzz.2/29 and FG3600C xxx.yyy.xxx.3/29.

We also have an additional inside network, behind which the servers sit, for example ttt.yyy.zzz.0/24.

You have to get this information from the network team; they also have to provide the AS number that we will use in our configuration.

(Diagram: BGP_F_MX)

You can do 90% of the configuration from the GUI; the rest may need the CLI.

On the FortiGate we are using firmware 5.x, and the configuration is done under one of the VDOMs. You can reach the screens from Virtual Domains: go under the related VDOM, open Router, then Dynamic, then the BGP section. You can see everything on one screen 😀

(Screenshot: Screen Shot 2014-01-08 at 15.31.10)

Set Local AS to the value provided by your network team.
Router ID will be your outside interface IP address, in our example xxx.yyy.xxx.3.
Neighbors will be the peers; in my example they are the two MXs, xxx.yyy.zzz.1 and xxx.yyy.zzz.2.
There is no need to set Networks, because I will configure the box to advertise all of my connected interfaces. If you prefer, you can instead add the network you want to advertise here, for example ttt.yyy.zzz.0/24, rather than redistributing connected interfaces from the CLI.

Now switch to the CLI of the FortiGate and, inside the BGP context of your VDOM, enable redistribution of connected routes:

config vdom
    edit VDOM1    # choose your own VDOM
        config router bgp
            config redistribute connected
                set status enable
            end
        end
    next
end

In our setup the network team additionally configured next-hop-self on their side; a good post about it can be found at this link.
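As an added example (not the configuration from this post or from Fortinet), here is the whole setup above expressed as FortiOS 5.x CLI: the GUI fields (local AS, router ID, the two MX neighbors), the redistribute-connected step, the timers the failover tests may force you to tune, and an outbound prefix-list so only the server network is announced to the MXs instead of every connected interface (management subnets included). All addresses, AS numbers, the VDOM name and the password are constructed placeholders.

```fortios
# Constructed values: 192.0.2.0/29 stands for the /29 peering network,
# 198.51.100.0/24 for the inside server network, 65000 / 65001 for the AS numbers.
config vdom
    edit VDOM1
        # Only announce the server network to the upstream routers.
        config router prefix-list
            edit "BGP-OUT"
                config rule
                    edit 1
                        set action permit
                        set prefix 198.51.100.0 255.255.255.0
                    next
                end
            next
        end
        config router bgp
            set as 65000                  # Local AS from the network team
            set router-id 192.0.2.3       # Outside interface address
            config neighbor
                edit "192.0.2.1"          # MX960-1
                    set remote-as 65001
                    set password "CHANGE-ME-SHARED-SECRET"   # TCP MD5 session authentication
                    set keep-alive-timer 10   # Faster failure detection than the 60/180 defaults
                    set holdtime-timer 30
                    set prefix-list-out "BGP-OUT"
                next
                edit "192.0.2.2"          # MX960-2
                    set remote-as 65001
                    set password "CHANGE-ME-SHARED-SECRET"
                    set keep-alive-timer 10
                    set holdtime-timer 30
                    set prefix-list-out "BGP-OUT"
                next
            end
            # Same as the CLI step above; the prefix-list then filters what leaves.
            config redistribute connected
                set status enable
            end
        end
    next
end
```

After applying it, `get router info bgp neighbors` should show both sessions Established and `get router info bgp network` should list only the filtered prefix toward each MX.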

Some useful commands:

Check the neighbors

get router info bgp neighbors

See which next hop is used for a given network

get router info bgp network

See the routing table

get router info routing-table details

Don’t forget to test failover scenarios, because BGP convergence time can be slow and you may need to play with the timers; a good explanation on the Cisco community site may help you.

Take care
VM

Posted on 08/01/2014, in Fortigate.
