BGP on Firewalls

Here’s the planned topology for BGP configuration across multiple firewalls


Here’s the BGP configuration on the Core Switch side


Here we can see the BGP is up and running

show bgp summary

show ip route bgp


FortiGate

On the FortiGate side, enable BGP by setting the AS number, router ID and BGP neighbor


Then add the internal network to advertise


Here we can see the routes received by BGP

get router info routing-table bgp


Palo Alto

On Palo Alto, we enable BGP on the Virtual Router: here we enable the process, add the AS number, and define the BGP neighbor


Then on Redist Rules, we add the internal network to advertise


On Runtime Stats we can see the BGP process is up

show routing protocol bgp summary


On Local RIB we can see the routes that we receive from BGP

show routing protocol bgp


Check Point

On Check Point, we enable BGP by configuring Router ID, AS Number, and Peer Groups


On Route Redistribution, we add the internal interface to be advertised


We can see the BGP process on the monitoring tab

show bgp peer


Cisco FTD

On FTD managed by FMC, first we enable BGP and give it an AS number


Then we add the BGP neighbor


And we also add the internal network to be advertised


Run this command to see the BGP process

system support diagnostic-cli
show bgp summary

show route bgp


Cisco ASA

Here’s the BGP configuration on the ASA side


Run this command to verify the BGP process

show bgp summary
show route bgp
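
The "show bgp summary" check used above on the core switch, FTD and ASA can be automated. The following is an added example, not part of the original post: it parses Cisco-style summary output and reports neighbors that are not Established, and it goes one step further by flagging sessions that are up but have received no prefixes. The sample output, addresses and AS numbers are constructed, and the column layout (State/PfxRcd as the last column) is an assumption about the device's output.

```python
import re

# Constructed sample of Cisco-style `show bgp summary` output (not from the post).
SAMPLE = """\
BGP router identifier 10.0.0.1, local AS number 65000
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.1.2        4        65001     120     118        9    0    0 01:45:10        2
10.0.2.2        4        65002      98      97        9    0    0 01:20:33        0
10.0.3.2        4        65003       0       0        1    0    0 never    Idle
10.0.4.2        4        65004      12      15        1    0    0 00:00:41 Active
"""

# Neighbor, version, AS, five counters, Up/Down, then State/PfxRcd (assumed layout).
ROW = re.compile(
    r"^(?P<neighbor>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<ver>\d+)\s+(?P<asn>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)

def parse_bgp_summary(text):
    """Return one dict per neighbor row of a `show bgp summary` table."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column header or blank line
        state = m["state"]
        # A number in the last column is the received-prefix count (session Established).
        established = state.isdigit()
        peers.append({
            "neighbor": m["neighbor"],
            "asn": int(m["asn"]),
            "established": established,
            "prefixes": int(state) if established else None,
            "state": "Established" if established else state,
        })
    return peers

def problems(peers):
    """List findings for sessions that are down or are receiving no routes."""
    out = []
    for p in peers:
        if not p["established"]:
            out.append(f"{p['neighbor']} AS{p['asn']}: session {p['state']}")
        elif p["prefixes"] == 0:
            out.append(f"{p['neighbor']} AS{p['asn']}: up but 0 prefixes received")
    return out

if __name__ == "__main__":
    print("\n".join(problems(parse_bgp_summary(SAMPLE))))
```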


This post is licensed under CC BY 4.0 by the author.