Flow rules to support multihop BFD (MBFD)
The FortiGate-7000E supports Multihop BFD for normal traffic and over IPsec VPN tunnels that are terminated by the FortiGate-7000E (see BFD for multihop path for BGP).
The multihop control protocol uses TCP and UDP traffic on port 4784. Multihop control traffic is not load balanced by DP processors. Instead, a flow rule is used to send all multihop control traffic to a single FPM.
The default flow rules for traffic that cannot be load balanced include the following flow rule, which sends all multihop control traffic to the primary FPM. The rule is listed below with its status set to disable; enable it if you configure multihop BFD support on your FortiGate-7000E.
config load-balance flow-rule
    edit 22
        set status disable
        set vlan 0
        set ether-type ip
        set protocol udp
        set src-l4port 0-0
        set dst-l4port 4784-4784
        set action forward
        set forward-slot master
        set priority 5
        set comment "Flow Rule for Multihop BFD"
end
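The following is an added example, not Fortinet code: a small Python check that reads saved configuration text and reports whether a flow rule matching UDP port 4784 is enabled and forwarded to the primary FPM. The function names and the trimmed sample configuration are constructed for illustration, and the check assumes the saved text lists each rule's options explicitly.

```python
MBFD_PORT = 4784  # multihop BFD control port named in the text

# Constructed sample: a trimmed copy of the rule above, as it might sit in a saved config.
SAMPLE_CONFIG = """\
config load-balance flow-rule
    edit 22
        set status disable
        set protocol udp
        set dst-l4port 4784-4784
        set action forward
        set forward-slot master
    next
end
"""

def parse_flow_rules(text):
    """Return {rule_id: {option: value}} for the load-balance flow-rule table."""
    rules, current = {}, None
    body = text.partition("config load-balance flow-rule")[2]
    for raw in body.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = rules.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
        elif line == "next":
            current = None
        elif line == "end":
            break  # closes the table (and an open entry when "next" is omitted)
    return rules

def audit_mbfd(text, port=MBFD_PORT):
    """List problems with flow rules that explicitly match UDP traffic to `port`."""
    problems, matched = [], False
    for rule_id, opts in parse_flow_rules(text).items():
        lo, hi = (int(p) for p in opts.get("dst-l4port", "0-0").split("-"))
        if opts.get("protocol") != "udp" or not lo <= port <= hi:
            continue  # only rules with an explicit destination range covering the port
        matched = True
        if opts.get("status") != "enable":
            problems.append(f"rule {rule_id}: status is not enable")
        if (opts.get("action"), opts.get("forward-slot")) != ("forward", "master"):
            problems.append(f"rule {rule_id}: not forwarded to the primary FPM")
    if not matched:
        problems.append(f"no flow rule matches UDP port {port}")
    return problems
```

Calling audit_mbfd(SAMPLE_CONFIG) returns one finding for rule 22 because the sample leaves the rule disabled; an empty list means the rule is enabled and points at the primary FPM.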