Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

router bgp

Use this command to set or unset BGP-4 routing parameters. BGP can be used to perform Classless Interdomain Routing (CIDR) and to route traffic between different autonomous systems or domains using an alternative route if a link between a FortiGate and a BGP peer (such as an ISP router) fails. FortiOS BGP4 complies with RFC 1771 and supports IPv4 addressing.

When BGP is enabled, the FortiGate sends routing table updates to the upstream ISP router whenever any part of the routing table changes. The update advertises which routes can be used to reach the FortiGate. In this way, routes are made known from the border of the internal network outwards (routes are pushed forward) instead of relying on upstream routers to propagate alternative paths to the FortiGate.

FortiGate BGP supports the following extensions to help manage large numbers of BGP peers:

  • Communities — The FortiGate can set the COMMUNITY attribute of a route to assign the route to predefined paths (see RFC 1997). The FortiGate can also examine the COMMUNITY attribute of learned routes to perform local filtering and/or redistribution.
  • Internal BGP (IBGP) route reflectors — The FortiGate can operate as a route reflector or participate as a client in a cluster of IBGP peers (see RFC 1966).
  • External BGP (EBGP) confederations — The FortiGate can operate as a confederation member, using its AS confederation identifier in all transactions with peers that are not members of its confederation (see RFC 3065).

FortiOS supports IPv6 over BGP4 via the BGP4+ protocol defined in RFC 2545 and RFC 2858. IPv6 configuration for BGP is accomplished with the aggregate-address6, network6, and redistribute6 variables. Also almost every variable in config neighbor has an IPv4 and IPv6 version such as activate and activate6.

config router bgp
    set as {integer}   Router AS number, valid from 1 to 4294967295, 0 to disable BGP. range[0-4294967295]
    set router-id {ipv4 address any}   Router ID.
    set keepalive-timer {integer}   Frequency to send keep alive requests. range[0-65535]
    set holdtime-timer {integer}   Number of seconds to mark peer as dead. range[3-65535]
    set always-compare-med {enable | disable}   Enable/disable always compare MED.
    set bestpath-as-path-ignore {enable | disable}   Enable/disable ignore AS path.
    set bestpath-cmp-confed-aspath {enable | disable}   Enable/disable compare federation AS path length.
    set bestpath-cmp-routerid {enable | disable}   Enable/disable compare router ID for identical EBGP paths.
    set bestpath-med-confed {enable | disable}   Enable/disable compare MED among confederation paths.
    set bestpath-med-missing-as-worst {enable | disable}   Enable/disable treat missing MED as least preferred.
    set client-to-client-reflection {enable | disable}   Enable/disable client-to-client route reflection.
    set dampening {enable | disable}   Enable/disable route-flap dampening.
    set deterministic-med {enable | disable}   Enable/disable enforce deterministic comparison of MED.
    set ebgp-multipath {enable | disable}   Enable/disable EBGP multi-path.
    set ibgp-multipath {enable | disable}   Enable/disable IBGP multi-path.
    set enforce-first-as {enable | disable}   Enable/disable enforce first AS for EBGP routes.
    set fast-external-failover {enable | disable}   Enable/disable reset peer BGP session if link goes down.
    set log-neighbour-changes {enable | disable}   Enable logging of BGP neighbour's changes
    set network-import-check {enable | disable}   Enable/disable ensure BGP network route exists in IGP.
    set ignore-optional-capability {enable | disable}   Don't send unknown optional capability notification message
    set cluster-id {ipv4 address any}   Route reflector cluster ID.
    set confederation-identifier {integer}   Confederation identifier. range[1-4294967295]
    config confederation-peers
        edit {peer}
        # Confederation peers.
            set peer {string}   Peer ID. size[64]
        next
    set dampening-route-map {string}   Criteria for dampening. size[35] - datasource(s): router.route-map.name
    set dampening-reachability-half-life {integer}   Reachability half-life time for penalty (min). range[1-45]
    set dampening-reuse {integer}   Threshold to reuse routes. range[1-20000]
    set dampening-suppress {integer}   Threshold to suppress routes. range[1-20000]
    set dampening-max-suppress-time {integer}   Maximum minutes a route can be suppressed. range[1-255]
    set dampening-unreachability-half-life {integer}   Unreachability half-life time for penalty (min). range[1-45]
    set default-local-preference {integer}   Default local preference. range[0-4294967295]
    set scan-time {integer}   Background scanner interval (sec), 0 to disable it. range[5-60]
    set distance-external {integer}   Distance for routes external to the AS. range[1-255]
    set distance-internal {integer}   Distance for routes internal to the AS. range[1-255]
    set distance-local {integer}   Distance for routes local to the AS. range[1-255]
    set synchronization {enable | disable}   Enable/disable only advertise routes from iBGP if routes present in an IGP.
    set graceful-restart {enable | disable}   Enable/disable BGP graceful restart capabilities.
    set graceful-restart-time {integer}   Time needed for neighbors to restart (sec). range[1-3600]
    set graceful-stalepath-time {integer}   Time to hold stale paths of restarting neighbor (sec). range[1-3600]
    set graceful-update-delay {integer}   Route advertisement/selection delay after restart (sec). range[1-3600]
    set graceful-end-on-timer {enable | disable}   Enable/disable to exit graceful restart on timer only.
    config aggregate-address
        edit {id}
        # BGP aggregate address table.
            set id {integer}   ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Aggregate prefix.
            set as-set {enable | disable}   Enable/disable generate AS set path information.
            set summary-only {enable | disable}   Enable/disable filter more specific routes from updates.
        next
    config aggregate-address6
        edit {id}
        # BGP IPv6 aggregate address table.
            set id {integer}   ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   Aggregate IPv6 prefix.
            set as-set {enable | disable}   Enable/disable generate AS set path information.
            set summary-only {enable | disable}   Enable/disable filter more specific routes from updates.
        next
    config neighbor
        edit {ip}
        # BGP neighbor table.
            set ip {string}   IP/IPv6 address of neighbor. size[45]
            set advertisement-interval {integer}   Minimum interval (sec) between sending updates. range[1-600]
            set allowas-in-enable {enable | disable}   Enable/disable IPv4 Enable to allow my AS in AS path.
            set allowas-in-enable6 {enable | disable}   Enable/disable IPv6 Enable to allow my AS in AS path.
            set allowas-in {integer}   IPv4 The maximum number of occurrence of my AS number allowed. range[1-10]
            set allowas-in6 {integer}   IPv6 The maximum number of occurrence of my AS number allowed. range[1-10]
            set attribute-unchanged {as-path | med | next-hop}   IPv4 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set attribute-unchanged6 {as-path | med | next-hop}   IPv6 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set activate {enable | disable}   Enable/disable address family IPv4 for this neighbor.
            set activate6 {enable | disable}   Enable/disable address family IPv6 for this neighbor.
            set bfd {enable | disable}   Enable/disable BFD for this neighbor.
            set capability-dynamic {enable | disable}   Enable/disable advertise dynamic capability to this neighbor.
            set capability-orf {none | receive | send | both}   Accept/Send IPv4 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-orf6 {none | receive | send | both}   Accept/Send IPv6 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-graceful-restart {enable | disable}   Enable/disable advertise IPv4 graceful restart capability to this neighbor.
            set capability-graceful-restart6 {enable | disable}   Enable/disable advertise IPv6 graceful restart capability to this neighbor.
            set capability-route-refresh {enable | disable}   Enable/disable advertise route refresh capability to this neighbor.
            set capability-default-originate {enable | disable}   Enable/disable advertise default IPv4 route to this neighbor.
            set capability-default-originate6 {enable | disable}   Enable/disable advertise default IPv6 route to this neighbor.
            set dont-capability-negotiate {enable | disable}   Don't negotiate capabilities with this neighbor
            set ebgp-enforce-multihop {enable | disable}   Enable/disable allow multi-hop EBGP neighbors.
            set link-down-failover {enable | disable}   Enable/disable failover upon link down.
            set stale-route {enable | disable}   Enable/disable stale route after neighbor down.
            set next-hop-self {enable | disable}   Enable/disable IPv4 next-hop calculation for this neighbor.
            set next-hop-self6 {enable | disable}   Enable/disable IPv6 next-hop calculation for this neighbor.
            set override-capability {enable | disable}   Enable/disable override result of capability negotiation.
            set passive {enable | disable}   Enable/disable sending of open messages to this neighbor.
            set remove-private-as {enable | disable}   Enable/disable remove private AS number from IPv4 outbound updates.
            set remove-private-as6 {enable | disable}   Enable/disable remove private AS number from IPv6 outbound updates.
            set route-reflector-client {enable | disable}   Enable/disable IPv4 AS route reflector client.
            set route-reflector-client6 {enable | disable}   Enable/disable IPv6 AS route reflector client.
            set route-server-client {enable | disable}   Enable/disable IPv4 AS route server client.
            set route-server-client6 {enable | disable}   Enable/disable IPv6 AS route server client.
            set shutdown {enable | disable}   Enable/disable shutdown this neighbor.
            set soft-reconfiguration {enable | disable}   Enable/disable allow IPv4 inbound soft reconfiguration.
            set soft-reconfiguration6 {enable | disable}   Enable/disable allow IPv6 inbound soft reconfiguration.
            set as-override {enable | disable}   Enable/disable replace peer AS with own AS for IPv4.
            set as-override6 {enable | disable}   Enable/disable replace peer AS with own AS for IPv6.
            set strict-capability-match {enable | disable}   Enable/disable strict capability matching.
            set default-originate-routemap {string}   Route map to specify criteria to originate IPv4 default. size[35] - datasource(s): router.route-map.name
            set default-originate-routemap6 {string}   Route map to specify criteria to originate IPv6 default. size[35] - datasource(s): router.route-map.name
            set description {string}   Description. size[63]
            set distribute-list-in {string}   Filter for IPv4 updates from this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-in6 {string}   Filter for IPv6 updates from this neighbor. size[35] - datasource(s): router.access-list6.name
            set distribute-list-out {string}   Filter for IPv4 updates to this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-out6 {string}   Filter for IPv6 updates to this neighbor. size[35] - datasource(s): router.access-list6.name
            set ebgp-multihop-ttl {integer}   EBGP multihop TTL for this peer. range[1-255]
            set filter-list-in {string}   BGP filter for IPv4 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-in6 {string}   BGP filter for IPv6 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out {string}   BGP filter for IPv4 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out6 {string}   BGP filter for IPv6 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set interface {string}   Interface size[15] - datasource(s): system.interface.name
            set maximum-prefix {integer}   Maximum number of IPv4 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix6 {integer}   Maximum number of IPv6 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix-threshold {integer}   Maximum IPv4 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-threshold6 {integer}   Maximum IPv6 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-warning-only {enable | disable}   Enable/disable IPv4 Only give warning message when limit is exceeded.
            set maximum-prefix-warning-only6 {enable | disable}   Enable/disable IPv6 Only give warning message when limit is exceeded.
            set prefix-list-in {string}   IPv4 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-in6 {string}   IPv6 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set prefix-list-out {string}   IPv4 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-out6 {string}   IPv6 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set remote-as {integer}   AS number of neighbor. range[1-4294967295]
            set local-as {integer}   Local AS number of neighbor. range[0-4294967295]
            set local-as-no-prepend {enable | disable}   Do not prepend local-as to incoming updates.
            set local-as-replace-as {enable | disable}   Replace real AS with local-as in outgoing updates.
            set retain-stale-time {integer}   Time to retain stale routes. range[0-65535]
            set route-map-in {string}   IPv4 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-in6 {string}   IPv6 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out {string}   IPv4 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out6 {string}   IPv6 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set send-community {standard | extended | both | disable}   IPv4 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set send-community6 {standard | extended | both | disable}   IPv6 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set keep-alive-timer {integer}   Keep alive timer interval (sec). range[0-65535]
            set holdtime-timer {integer}   Interval (sec) before peer considered dead. range[3-65535]
            set connect-timer {integer}   Interval (sec) for connect timer. range[0-65535]
            set unsuppress-map {string}   IPv4 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set unsuppress-map6 {string}   IPv6 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set update-source {string}   Interface to use as source IP/IPv6 address of TCP connections. size[15] - datasource(s): system.interface.name
            set weight {integer}   Neighbor weight. range[0-65535]
            set restart-time {integer}   Graceful restart delay time (sec, 0 = global default). range[0-3600]
            set password {password_string}   Password used in MD5 authentication. size[128]
            config conditional-advertise
                edit {advertise-routemap}
                # Conditional advertisement.
                    set advertise-routemap {string}   Name of advertising route map. size[35] - datasource(s): router.route-map.name
                    set condition-routemap {string}   Name of condition route map. size[35] - datasource(s): router.route-map.name
                    set condition-type {exist | non-exist}   Type of condition.
                            exist      True if condition route map is matched.
                            non-exist  True if condition route map is not matched.
                next
        next
    config neighbor-group
        edit {name}
        # BGP neighbor group table.
            set name {string}   Neighbor group name. size[45]
            set advertisement-interval {integer}   Minimum interval (sec) between sending updates. range[1-600]
            set allowas-in-enable {enable | disable}   Enable/disable IPv4 Enable to allow my AS in AS path.
            set allowas-in-enable6 {enable | disable}   Enable/disable IPv6 Enable to allow my AS in AS path.
            set allowas-in {integer}   IPv4 The maximum number of occurrence of my AS number allowed. range[1-10]
            set allowas-in6 {integer}   IPv6 The maximum number of occurrence of my AS number allowed. range[1-10]
            set attribute-unchanged {as-path | med | next-hop}   IPv4 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set attribute-unchanged6 {as-path | med | next-hop}   IPv6 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set activate {enable | disable}   Enable/disable address family IPv4 for this neighbor.
            set activate6 {enable | disable}   Enable/disable address family IPv6 for this neighbor.
            set bfd {enable | disable}   Enable/disable BFD for this neighbor.
            set capability-dynamic {enable | disable}   Enable/disable advertise dynamic capability to this neighbor.
            set capability-orf {none | receive | send | both}   Accept/Send IPv4 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-orf6 {none | receive | send | both}   Accept/Send IPv6 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-graceful-restart {enable | disable}   Enable/disable advertise IPv4 graceful restart capability to this neighbor.
            set capability-graceful-restart6 {enable | disable}   Enable/disable advertise IPv6 graceful restart capability to this neighbor.
            set capability-route-refresh {enable | disable}   Enable/disable advertise route refresh capability to this neighbor.
            set capability-default-originate {enable | disable}   Enable/disable advertise default IPv4 route to this neighbor.
            set capability-default-originate6 {enable | disable}   Enable/disable advertise default IPv6 route to this neighbor.
            set dont-capability-negotiate {enable | disable}   Don't negotiate capabilities with this neighbor
            set ebgp-enforce-multihop {enable | disable}   Enable/disable allow multi-hop EBGP neighbors.
            set link-down-failover {enable | disable}   Enable/disable failover upon link down.
            set stale-route {enable | disable}   Enable/disable stale route after neighbor down.
            set next-hop-self {enable | disable}   Enable/disable IPv4 next-hop calculation for this neighbor.
            set next-hop-self6 {enable | disable}   Enable/disable IPv6 next-hop calculation for this neighbor.
            set override-capability {enable | disable}   Enable/disable override result of capability negotiation.
            set passive {enable | disable}   Enable/disable sending of open messages to this neighbor.
            set remove-private-as {enable | disable}   Enable/disable remove private AS number from IPv4 outbound updates.
            set remove-private-as6 {enable | disable}   Enable/disable remove private AS number from IPv6 outbound updates.
            set route-reflector-client {enable | disable}   Enable/disable IPv4 AS route reflector client.
            set route-reflector-client6 {enable | disable}   Enable/disable IPv6 AS route reflector client.
            set route-server-client {enable | disable}   Enable/disable IPv4 AS route server client.
            set route-server-client6 {enable | disable}   Enable/disable IPv6 AS route server client.
            set shutdown {enable | disable}   Enable/disable shutdown this neighbor.
            set soft-reconfiguration {enable | disable}   Enable/disable allow IPv4 inbound soft reconfiguration.
            set soft-reconfiguration6 {enable | disable}   Enable/disable allow IPv6 inbound soft reconfiguration.
            set as-override {enable | disable}   Enable/disable replace peer AS with own AS for IPv4.
            set as-override6 {enable | disable}   Enable/disable replace peer AS with own AS for IPv6.
            set strict-capability-match {enable | disable}   Enable/disable strict capability matching.
            set default-originate-routemap {string}   Route map to specify criteria to originate IPv4 default. size[35] - datasource(s): router.route-map.name
            set default-originate-routemap6 {string}   Route map to specify criteria to originate IPv6 default. size[35] - datasource(s): router.route-map.name
            set description {string}   Description. size[63]
            set distribute-list-in {string}   Filter for IPv4 updates from this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-in6 {string}   Filter for IPv6 updates from this neighbor. size[35] - datasource(s): router.access-list6.name
            set distribute-list-out {string}   Filter for IPv4 updates to this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-out6 {string}   Filter for IPv6 updates to this neighbor. size[35] - datasource(s): router.access-list6.name
            set ebgp-multihop-ttl {integer}   EBGP multihop TTL for this peer. range[1-255]
            set filter-list-in {string}   BGP filter for IPv4 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-in6 {string}   BGP filter for IPv6 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out {string}   BGP filter for IPv4 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out6 {string}   BGP filter for IPv6 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set interface {string}   Interface size[15] - datasource(s): system.interface.name
            set maximum-prefix {integer}   Maximum number of IPv4 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix6 {integer}   Maximum number of IPv6 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix-threshold {integer}   Maximum IPv4 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-threshold6 {integer}   Maximum IPv6 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-warning-only {enable | disable}   Enable/disable IPv4 Only give warning message when limit is exceeded.
            set maximum-prefix-warning-only6 {enable | disable}   Enable/disable IPv6 Only give warning message when limit is exceeded.
            set prefix-list-in {string}   IPv4 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-in6 {string}   IPv6 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set prefix-list-out {string}   IPv4 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-out6 {string}   IPv6 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set remote-as {integer}   AS number of neighbor. range[1-4294967295]
            set local-as {integer}   Local AS number of neighbor. range[0-4294967295]
            set local-as-no-prepend {enable | disable}   Do not prepend local-as to incoming updates.
            set local-as-replace-as {enable | disable}   Replace real AS with local-as in outgoing updates.
            set retain-stale-time {integer}   Time to retain stale routes. range[0-65535]
            set route-map-in {string}   IPv4 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-in6 {string}   IPv6 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out {string}   IPv4 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out6 {string}   IPv6 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set send-community {standard | extended | both | disable}   IPv4 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set send-community6 {standard | extended | both | disable}   IPv6 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set keep-alive-timer {integer}   Keep alive timer interval (sec). range[0-65535]
            set holdtime-timer {integer}   Interval (sec) before peer considered dead. range[3-65535]
            set connect-timer {integer}   Interval (sec) for connect timer. range[0-65535]
            set unsuppress-map {string}   IPv4 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set unsuppress-map6 {string}   IPv6 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set update-source {string}   Interface to use as source IP/IPv6 address of TCP connections. size[15] - datasource(s): system.interface.name
            set weight {integer}   Neighbor weight. range[0-65535]
            set restart-time {integer}   Graceful restart delay time (sec, 0 = global default). range[0-3600]
        next
    config neighbor-range
        edit {id}
        # BGP neighbor range table.
            set id {integer}   Neighbor range ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Neighbor range prefix.
            set max-neighbor-num {integer}   Maximum number of neighbors. range[1-1000]
            set neighbor-group {string}   Neighbor group name. size[63] - datasource(s): router.bgp.neighbor-group.name
        next
    config neighbor-range6
        edit {id}
        # BGP IPv6 neighbor range table.
            set id {integer}   IPv6 neighbor range ID. range[0-4294967295]
            set prefix6 {ipv6 network}   IPv6 prefix.
            set max-neighbor-num {integer}   Maximum number of neighbors. range[1-1000]
            set neighbor-group {string}   Neighbor group name. size[63] - datasource(s): router.bgp.neighbor-group.name
        next
    config network
        edit {id}
        # BGP network table.
            set id {integer}   ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Network prefix.
            set backdoor {enable | disable}   Enable/disable route as backdoor.
            set route-map {string}   Route map to modify generated route. size[35] - datasource(s): router.route-map.name
        next
    config network6
        edit {id}
        # BGP IPv6 network table.
            set id {integer}   ID. range[0-4294967295]
            set prefix6 {ipv6 network}   Network IPv6 prefix.
            set backdoor {enable | disable}   Enable/disable route as backdoor.
            set route-map {string}   Route map to modify generated route. size[35] - datasource(s): router.route-map.name
        next
    config redistribute
        edit {name}
        # BGP IPv4 redistribute table.
            set name {string}   Distribute list entry name. size[35]
            set status {enable | disable}   Status
            set route-map {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config redistribute6
        edit {name}
        # BGP IPv6 redistribute table.
            set name {string}   Distribute list entry name. size[35]
            set status {enable | disable}   Status
            set route-map {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config admin-distance
        edit {id}
        # Administrative distance modifications.
            set id {integer}   ID. range[0-4294967295]
            set neighbour-prefix {ipv4 classnet}   Neighbor address prefix.
            set route-list {string}   Access list of routes to apply new distance to. size[35] - datasource(s): router.access-list.name
            set distance {integer}   Administrative distance to apply (1 - 255). range[1-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

About BGP timers:

The BGP timers are just to allow for faster route convergence in the case an interface goes down. You can experiment with these settings based on your needs/requirements:

holdtime-timer — how long the router will wait for a keepalive message before declaring a router offline. A shorter time will find an off-line router faster.

keepalive-timer — how often the router sends out keepalive messages to neighbor routers to maintain those sessions.

advertising-interval -- Set the minimum amount of time (in seconds) that the FortiGate unit waits before sending a BGP routing update to the BGP neighbor.

scan-time -- Configure the background scanner interval (in seconds) for next-hop route scanning.

as {integer}

Enter an integer to specify the local autonomous system (AS) number of the FortiGate. The range is from 1 to
4 294 967 295. A value of 0 disables BGP (disabled by default).

When local_as_id number is different than remote-as of the specified BGP neighbor, an External BGP (EBGP) session is started. Otherwise, an Internal BGP (IBGP) session is started.

bestpath-med-missing-as-worst {enable | disable}

Note: This field is only available when bestpath-med-confed is enabled.

Enable or disable (by default) treating any confederation path with a missing MED metric as the least preferred path.

client-to-client-reflection {enable | disable}

Enable (by default) or disable client-to-client route reflection between IBGP peers. If the clients are fully meshed, route reflection may be disabled.

cluster-id {ipv4 address any}

Set the identifier of the route reflector in the cluster ID to which the FortiGate belongs. If 0 is specified, the FortiGate operates as the route reflector and its router-id value is used as the cluster-id value. If the FortiGate identifies its own cluster ID in the CLUSTER_LIST attribute of a received route, the route is ignored to prevent looping.

dampening {enable | disable}

Enable or disable (by default) route-flap dampening on all BGP routes. A flapping route is unstable and continually transitions down and up (see RFC 2439).

If you enable dampening, you may optionally set dampening-route-map or define the associated values individually using the dampening-* fields.

dampening-max-suppress-time <minutes>

Note: This field is only available when dampening is enabled.

Set the maximum time that a route can be suppressed (1 to 255 minutes, default = 60). A route may continue to accumulate penalties while it is suppressed. However, the route cannot be suppressed longer than the maximum time.

dampening-reachability-half-life <minutes>

Note: This field is only available when dampening is enabled.

Set the time after which any penalty assigned to a reachable (but flapping) route is decreased by half (1 to 45 minutes, default = 15).

dampening-reuse {integer}

Note: This field is only available when dampening is enabled.

Set a dampening reuse limit based on the number of accumulated penalties (1 to 20 000, default = 750). If the penalty assigned to a flapping route decreases enough to fall below the specified limit, the route is not suppressed.

dampening-route-map <route map>

Note: This field is only available when dampening is enabled.

Specify the route map that contains criteria for dampening. You must create a route map before it can be selected here, see router route-map.

dampening-suppress {integer}

Note: This field is only available when dampening is enabled.

Set a dampening-suppression limit based on the number of accumulated penalties (1 to 20 000, default = 2 000). A route is suppressed (not advertised) when its penalty exceeds the specified limit.

dampening-unreachability-half-life <minutes>

Note: This field is only available when dampening is enabled.

Set the time after which the penalty on a route that is considered unreachable is decreased by half (1 to 45 minutes, default = 15).

distance-external {integer}

Set the administrative distance of EBGP routes (1 to 255, default = 20). If you set this value, you must also set distance-internal and distance-local.

distance-internal {integer}

Note: This field is only available when distance-external is set.

Set the administrative distance of IBGP routes (1 to 255, default = 200).

distance-local {integer}

Note: This field is only available when distance-external is set.

Set the administrative distance of local BGP routes (1 to 255, default = 200).

graceful-restart {disable | enable}

Enable or disable (by default) BGP support for the graceful restart feature.

Graceful restart limits the effects of software problems by allowing forwarding to continue when the control plane of the router fails. It also reduces routing flaps by stabilizing the network.

graceful-restart-time <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time needed for neighbors to restart after a graceful restart (1 to 3600 seconds, default = 120).

graceful-stalepath-time <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time to hold stale paths of restarting neighbors (1 to 3600 seconds, default = 360).

graceful-update-delay <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time that route advertisement and selection is delayed after a graceful restart (1 to 3600 seconds, default = 120)

router-id {ipv4 address any}

Specify a fixed identifier for the FortiGate. A value of 0.0.0.0 is not allowed. If router-id is not explicitly set, the highest IP address of the VDOM will be used.

config admin-distance

Use this subcommand to set administrative distance modifications for bgp routes.

route-list <access list>

The list of routes this distance will be applied to. The routes in this list must have been configured in the access list, see router {access-list | access-list6}.

config aggregate-address, config aggregate-address6

Use this subcommand to set or unset BGP aggregate-address table parameters. The subcommand creates a BGP aggregate entry in the routing table. Use aggregate-address for IPv4 routing and aggregate-address6 for IPv6 routing.

When you aggregate routes, routing becomes less precise because path details are not readily available for routing purposes. The aggregate address represents addresses in several autonomous systems. Aggregation reduces the length of the network mask until it masks only the bits that are common to all of the addresses being summarized.

as-set {enable | disable}

Enable or disable (by default) the generation of an unordered list of AS numbers to include in the path information. When enabled, a set-atomic-aggregate value does not have to be specified.

config neighbor

Use this subcommand to set or unset BGP neighbor configuration settings. The subcommand adds a BGP neighbor configuration to the FortiGate.

allowas-in {integer}

Note: This field is available when allowas-in-enable is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv4).

allowas-in6 {integer}

Note: This field is available when allowas-in-enable6 is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv6).

attribute-unchanged {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv4):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

attribute-unchanged6 {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv6):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

capability-orf {none | receive | send | both}

Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor using one of the following methods (IPv4)

  • none: disable the advertising of ORF prefix-list capability (default).
  • receive: enable receive capability.
  • send: enable send capability.
  • both: enable send and receive capability.

distribute-list-in <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-in6 <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out6 <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

ebgp-multihop-ttl <hop counts>

Note: This field is available when ebgp-enforce-multihop is enabled.

Define a TTL value for BGP packets sent to the BGP neighbor (1 - 255 hop counts, default = 255)

filter-list-in <access list>

Limit inbound BGP routes according to the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-in6 <access list>

Limit inbound BGP routes according to the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out <access list>

Limit outbound BGP routes according to the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out6 <access list>

Limit outbound BGP routes according to the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

holdtime-timer <seconds>

Note: This field is available when graceful-restart is enabled.

The amount of time that must expire before the FortiGate declares the BGP neighbor down (3 - 65 535 seconds, no default). This value overrides the global holdtime-timer value.

maximum-prefix {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv4). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix6 {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv6). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix-threshold {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed (1 - 100, default = 75) (IPv4).

maximum-prefix-threshold6 {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed(1 - 100, default = 75) (IPv6).

maximum-prefix-warning-only {enable | disable}

Note: This field is available when maximum-prefix is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv4).

maximum-prefix-warning-only6 {enable | disable}

Note: This field is available when maximum-prefix6 is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv6).

prefix-list-in {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-in6 {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out6 {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

remote-as {integer}

Adds a BGP neighbor to the FortiGate configuration and sets the AS number of the neighbor (1 - 65 535, no default).

If the number is identical to the AS number of the FortiGate, the FortiGate communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer and the FortiGate uses EBGP to communicate with the neighbor.

retain-stale-time <seconds>

Note: This field is available when capability-graceful-restart is enabled.

Specify the time that stale routes to the BGP neighbor will be retained (1 - 65 535 seconds, default = 0).

route-map-in <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-in6 <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-map-out <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-out6 <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

send-community {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv4):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

send-community6 {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv6):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

unsuppress-map <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv4). You must create the route map before it can be selected here, see router route-map.

unsuppress-map6 <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv6). You must create the route map before it can be selected here, see router route-map.

config conditional-advertise

Use this subcommand to set BGP conditional advertising.

advertise-routemap <route map>

Specify the name of the advertising route map. You must create the route map before it can be selected here, see router route-map.

condition-routemap <route map>

Specify the name of the condition route map. You must create the route map before it can be selected here, see router route-map.

condition-type {exist | non‑exist}

Select the type of condition: exist if route map is matched (default), non-exist if route map is not matched.

config neighbor-group

Use this subcommand to set or unset BGP neighbor group settings.

allowas-in {integer}

Note: This field is available when allowas-in-enable is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv4).

allowas-in6 {integer}

Note: This field is available when allowas-in-enable6 is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv6).

attribute-unchanged {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv4):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

attribute-unchanged6 {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv6):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

capability-orf {none | receive | send | both}

Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor using one of the following methods (IPv4)

  • none: disable the advertising of ORF prefix-list capability (default).
  • receive: enable receive capability.
  • send: enable send capability.
  • both: enable send and receive capability.

default-originate-routemap <route map>

Set the route map used to specify criterial to originate default (IPv4). You must create the route map before it can be selected here,see router route-map.

default-originate-routemap6 <route map>

Set the route map used to specify criterial to originate default (IPv6). You must create the route map before it can be selected here,see router route-map.

distribute-list-in <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-in6 <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out6 <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

ebgp-multihop-ttl <hop counts>

Note: This field is available when ebgp-enforce-multihop is enabled.

Define a TTL value for BGP packets sent to the BGP neighbor (1 - 255 hop counts, default = 255)

filter-list-in <access list>

Limit inbound BGP routes according to the specified AS-path list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-in6 <access list>

Limit inbound BGP routes according to the specified AS-path list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out <access list>

Limit outbound BGP routes according to the specified AS-path list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out6 <access list>

Limit outbound BGP routes according to the specified AS-path list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

holdtime-timer {integer}

Note: This field is available when graceful-restart is enabled.

The amount of time that must expire before the FortiGate declares the BGP neighbor down (3 - 65 535 seconds, no default). This value overrides the global holdtime-timer value.

maximum-prefix {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv4). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix6 {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv6). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix-threshold {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed (1 - 100, default = 75) (IPv4).

maximum-prefix-threshold6 {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed(1 - 100, default = 75) (IPv6).

maximum-prefix-warning-only {enable | disable}

Note: This field is available when maximum-prefix is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv4).

maximum-prefix-warning-only6 {enable | disable}

Note: This field is available when maximum-prefix6 is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv6).

prefix-list-in {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-in6 {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out6 {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

remote-as {integer}

Adds a BGP neighbor to the FortiGate configuration and sets the AS number of the neighbor (1 - 65 535, no default).

If the number is identical to the AS number of the FortiGate, the FortiGate communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer and the FortiGate uses EBGP to communicate with the neighbor.

retain-stale-time {integer}

Note: This field is available when capability-graceful-restart is enabled.

Specify the time that stale routes to the BGP neighbor will be retained (1 - 65 535 seconds, default = 0).

route-map-in <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-in6 <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-map-out <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-out6 <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-reflector-client {enable | disable}

Note: This field is available when remote-as is identical to the FortiGate AS number.

Enable or disable (by default) the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route reflector client (IPv4).

Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while outbound IBGP routes do not take into effect these attributes.

route-reflector-client6 {enable | disable}

Note: This field is available when remote-as is identical to the FortiGate AS number.

Enable or disable (by default) the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route reflector client (IPv6).

Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while outbound IBGP routes do not take into effect these attributes.

send-community {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv4):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

send-community6 {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv6):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

unsuppress-map <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv4). You must create the route map before it can be selected here, see router route-map.

unsuppress-map6 <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv6). You must create the route map before it can be selected here, see router route-map.

config neighbor-range, config neighbor-range6

Use this subcommand to set or unset BGP neighbor range settings. Use neigbor-range for IPv4 and neighbor-range6 for IPv6.

neighbor-group {string}

Specify the name of the neighbor group. You must create the group before it may be selected here.

config network, config network6

Use this subcommand to set or unset BGP network configuration parameters. The subcommand is used to advertise a BGP network by specifying the IP addresses making up the local BGP network. Use network for IPv4 and network6 for IPv6.

route-map <route map>

Specify the name of the route map that will be used to modify the attributes of the route before it is advertised. You must create the route map before it can be selected here, see router route-map.

config redistribute, config redistribute6 {connected | isis | static | rip | ospf}

Use this subcommand to set or unset BGP redistribution table parameters. Use redistribute for IPv4 and redistribute6 for IPv6.

You can enable BGP to provide connectivity between connected, static, RIP, and/or OSPF routes. BGP redistributes the routes from one protocol to another. When a large internetwork is divided into multiple routing domains, use the subcommand to redistribute routes to the various domains.

The BGP redistribution table contains five static entries. You cannot add entries to the table. The entries are defined as follows:

  • connected: Redistribute routes learned from a direct connection to the destination network
  • isis: Redistribute routes learned from ISIS
  • static: Redistribute the static routes defined in the FortiGate unit routing table
  • rip: Redistribute routes learned from RIP
  • ospf: Redistribute routes learned from OSPF

route-map <route map>

Specify the name of the route map that identifies the routes to redistribute. If a route map is not specified, all routes are redistributed to BGP. You must create the route map before it can be selected here, see router route-map.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

router bgp

Use this command to set or unset BGP-4 routing parameters. BGP can be used to perform Classless Interdomain Routing (CIDR) and to route traffic between different autonomous systems or domains using an alternative route if a link between a FortiGate and a BGP peer (such as an ISP router) fails. FortiOS BGP4 complies with RFC 1771 and supports IPv4 addressing.

When BGP is enabled, the FortiGate sends routing table updates to the upstream ISP router whenever any part of the routing table changes. The update advertises which routes can be used to reach the FortiGate. In this way, routes are made known from the border of the internal network outwards (routes are pushed forward) instead of relying on upstream routers to propagate alternative paths to the FortiGate.

FortiGate BGP supports the following extensions to help manage large numbers of BGP peers:

  • Communities — The FortiGate can set the COMMUNITY attribute of a route to assign the route to predefined paths (see RFC 1997). The FortiGate can also examine the COMMUNITY attribute of learned routes to perform local filtering and/or redistribution.
  • Internal BGP (IBGP) route reflectors — The FortiGate can operate as a route reflector or participate as a client in a cluster of IBGP peers (see RFC 1966).
  • External BGP (EBGP) confederations — The FortiGate can operate as a confederation member, using its AS confederation identifier in all transactions with peers that are not members of its confederation (see RFC 3065).

FortiOS supports IPv6 over BGP4 via the BGP4+ protocol defined in RFC 2545 and RFC 2858. IPv6 configuration for BGP is accomplished with the aggregate-address6, network6, and redistribute6 variables. Also almost every variable in config neighbor has an IPv4 and IPv6 version such as activate and activate6.

config router bgp
    set as {integer}   Router AS number, valid from 1 to 4294967295, 0 to disable BGP. range[0-4294967295]
    set router-id {ipv4 address any}   Router ID.
    set keepalive-timer {integer}   Frequency to send keep alive requests. range[0-65535]
    set holdtime-timer {integer}   Number of seconds to mark peer as dead. range[3-65535]
    set always-compare-med {enable | disable}   Enable/disable always compare MED.
    set bestpath-as-path-ignore {enable | disable}   Enable/disable ignore AS path.
    set bestpath-cmp-confed-aspath {enable | disable}   Enable/disable compare federation AS path length.
    set bestpath-cmp-routerid {enable | disable}   Enable/disable compare router ID for identical EBGP paths.
    set bestpath-med-confed {enable | disable}   Enable/disable compare MED among confederation paths.
    set bestpath-med-missing-as-worst {enable | disable}   Enable/disable treat missing MED as least preferred.
    set client-to-client-reflection {enable | disable}   Enable/disable client-to-client route reflection.
    set dampening {enable | disable}   Enable/disable route-flap dampening.
    set deterministic-med {enable | disable}   Enable/disable enforce deterministic comparison of MED.
    set ebgp-multipath {enable | disable}   Enable/disable EBGP multi-path.
    set ibgp-multipath {enable | disable}   Enable/disable IBGP multi-path.
    set enforce-first-as {enable | disable}   Enable/disable enforce first AS for EBGP routes.
    set fast-external-failover {enable | disable}   Enable/disable reset peer BGP session if link goes down.
    set log-neighbour-changes {enable | disable}   Enable logging of BGP neighbour's changes
    set network-import-check {enable | disable}   Enable/disable ensure BGP network route exists in IGP.
    set ignore-optional-capability {enable | disable}   Don't send unknown optional capability notification message
    set cluster-id {ipv4 address any}   Route reflector cluster ID.
    set confederation-identifier {integer}   Confederation identifier. range[1-4294967295]
    config confederation-peers
        edit {peer}
        # Confederation peers.
            set peer {string}   Peer ID. size[64]
        next
    set dampening-route-map {string}   Criteria for dampening. size[35] - datasource(s): router.route-map.name
    set dampening-reachability-half-life {integer}   Reachability half-life time for penalty (min). range[1-45]
    set dampening-reuse {integer}   Threshold to reuse routes. range[1-20000]
    set dampening-suppress {integer}   Threshold to suppress routes. range[1-20000]
    set dampening-max-suppress-time {integer}   Maximum minutes a route can be suppressed. range[1-255]
    set dampening-unreachability-half-life {integer}   Unreachability half-life time for penalty (min). range[1-45]
    set default-local-preference {integer}   Default local preference. range[0-4294967295]
    set scan-time {integer}   Background scanner interval (sec), 0 to disable it. range[5-60]
    set distance-external {integer}   Distance for routes external to the AS. range[1-255]
    set distance-internal {integer}   Distance for routes internal to the AS. range[1-255]
    set distance-local {integer}   Distance for routes local to the AS. range[1-255]
    set synchronization {enable | disable}   Enable/disable only advertise routes from iBGP if routes present in an IGP.
    set graceful-restart {enable | disable}   Enable/disable BGP graceful restart capabilities.
    set graceful-restart-time {integer}   Time needed for neighbors to restart (sec). range[1-3600]
    set graceful-stalepath-time {integer}   Time to hold stale paths of restarting neighbor (sec). range[1-3600]
    set graceful-update-delay {integer}   Route advertisement/selection delay after restart (sec). range[1-3600]
    set graceful-end-on-timer {enable | disable}   Enable/disable to exit graceful restart on timer only.
    config aggregate-address
        edit {id}
        # BGP aggregate address table.
            set id {integer}   ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Aggregate prefix.
            set as-set {enable | disable}   Enable/disable generate AS set path information.
            set summary-only {enable | disable}   Enable/disable filter more specific routes from updates.
        next
    config aggregate-address6
        edit {id}
        # BGP IPv6 aggregate address table.
            set id {integer}   ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   Aggregate IPv6 prefix.
            set as-set {enable | disable}   Enable/disable generate AS set path information.
            set summary-only {enable | disable}   Enable/disable filter more specific routes from updates.
        next
    config neighbor
        edit {ip}
        # BGP neighbor table.
            set ip {string}   IP/IPv6 address of neighbor. size[45]
            set advertisement-interval {integer}   Minimum interval (sec) between sending updates. range[1-600]
            set allowas-in-enable {enable | disable}   Enable/disable IPv4 Enable to allow my AS in AS path.
            set allowas-in-enable6 {enable | disable}   Enable/disable IPv6 Enable to allow my AS in AS path.
            set allowas-in {integer}   IPv4 The maximum number of occurrence of my AS number allowed. range[1-10]
            set allowas-in6 {integer}   IPv6 The maximum number of occurrence of my AS number allowed. range[1-10]
            set attribute-unchanged {as-path | med | next-hop}   IPv4 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set attribute-unchanged6 {as-path | med | next-hop}   IPv6 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set activate {enable | disable}   Enable/disable address family IPv4 for this neighbor.
            set activate6 {enable | disable}   Enable/disable address family IPv6 for this neighbor.
            set bfd {enable | disable}   Enable/disable BFD for this neighbor.
            set capability-dynamic {enable | disable}   Enable/disable advertise dynamic capability to this neighbor.
            set capability-orf {none | receive | send | both}   Accept/Send IPv4 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-orf6 {none | receive | send | both}   Accept/Send IPv6 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-graceful-restart {enable | disable}   Enable/disable advertise IPv4 graceful restart capability to this neighbor.
            set capability-graceful-restart6 {enable | disable}   Enable/disable advertise IPv6 graceful restart capability to this neighbor.
            set capability-route-refresh {enable | disable}   Enable/disable advertise route refresh capability to this neighbor.
            set capability-default-originate {enable | disable}   Enable/disable advertise default IPv4 route to this neighbor.
            set capability-default-originate6 {enable | disable}   Enable/disable advertise default IPv6 route to this neighbor.
            set dont-capability-negotiate {enable | disable}   Don't negotiate capabilities with this neighbor
            set ebgp-enforce-multihop {enable | disable}   Enable/disable allow multi-hop EBGP neighbors.
            set link-down-failover {enable | disable}   Enable/disable failover upon link down.
            set stale-route {enable | disable}   Enable/disable stale route after neighbor down.
            set next-hop-self {enable | disable}   Enable/disable IPv4 next-hop calculation for this neighbor.
            set next-hop-self6 {enable | disable}   Enable/disable IPv6 next-hop calculation for this neighbor.
            set override-capability {enable | disable}   Enable/disable override result of capability negotiation.
            set passive {enable | disable}   Enable/disable sending of open messages to this neighbor.
            set remove-private-as {enable | disable}   Enable/disable remove private AS number from IPv4 outbound updates.
            set remove-private-as6 {enable | disable}   Enable/disable remove private AS number from IPv6 outbound updates.
            set route-reflector-client {enable | disable}   Enable/disable IPv4 AS route reflector client.
            set route-reflector-client6 {enable | disable}   Enable/disable IPv6 AS route reflector client.
            set route-server-client {enable | disable}   Enable/disable IPv4 AS route server client.
            set route-server-client6 {enable | disable}   Enable/disable IPv6 AS route server client.
            set shutdown {enable | disable}   Enable/disable shutdown this neighbor.
            set soft-reconfiguration {enable | disable}   Enable/disable allow IPv4 inbound soft reconfiguration.
            set soft-reconfiguration6 {enable | disable}   Enable/disable allow IPv6 inbound soft reconfiguration.
            set as-override {enable | disable}   Enable/disable replace peer AS with own AS for IPv4.
            set as-override6 {enable | disable}   Enable/disable replace peer AS with own AS for IPv6.
            set strict-capability-match {enable | disable}   Enable/disable strict capability matching.
            set default-originate-routemap {string}   Route map to specify criteria to originate IPv4 default. size[35] - datasource(s): router.route-map.name
            set default-originate-routemap6 {string}   Route map to specify criteria to originate IPv6 default. size[35] - datasource(s): router.route-map.name
            set description {string}   Description. size[63]
            set distribute-list-in {string}   Filter for IPv4 updates from this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-in6 {string}   Filter for IPv6 updates from this neighbor. size[35] - datasource(s): router.access-list6.name
            set distribute-list-out {string}   Filter for IPv4 updates to this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-out6 {string}   Filter for IPv6 updates to this neighbor. size[35] - datasource(s): router.access-list6.name
            set ebgp-multihop-ttl {integer}   EBGP multihop TTL for this peer. range[1-255]
            set filter-list-in {string}   BGP filter for IPv4 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-in6 {string}   BGP filter for IPv6 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out {string}   BGP filter for IPv4 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out6 {string}   BGP filter for IPv6 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set interface {string}   Interface size[15] - datasource(s): system.interface.name
            set maximum-prefix {integer}   Maximum number of IPv4 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix6 {integer}   Maximum number of IPv6 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix-threshold {integer}   Maximum IPv4 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-threshold6 {integer}   Maximum IPv6 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-warning-only {enable | disable}   Enable/disable IPv4 Only give warning message when limit is exceeded.
            set maximum-prefix-warning-only6 {enable | disable}   Enable/disable IPv6 Only give warning message when limit is exceeded.
            set prefix-list-in {string}   IPv4 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-in6 {string}   IPv6 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set prefix-list-out {string}   IPv4 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-out6 {string}   IPv6 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set remote-as {integer}   AS number of neighbor. range[1-4294967295]
            set local-as {integer}   Local AS number of neighbor. range[0-4294967295]
            set local-as-no-prepend {enable | disable}   Do not prepend local-as to incoming updates.
            set local-as-replace-as {enable | disable}   Replace real AS with local-as in outgoing updates.
            set retain-stale-time {integer}   Time to retain stale routes. range[0-65535]
            set route-map-in {string}   IPv4 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-in6 {string}   IPv6 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out {string}   IPv4 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out6 {string}   IPv6 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set send-community {standard | extended | both | disable}   IPv4 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set send-community6 {standard | extended | both | disable}   IPv6 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set keep-alive-timer {integer}   Keep alive timer interval (sec). range[0-65535]
            set holdtime-timer {integer}   Interval (sec) before peer considered dead. range[3-65535]
            set connect-timer {integer}   Interval (sec) for connect timer. range[0-65535]
            set unsuppress-map {string}   IPv4 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set unsuppress-map6 {string}   IPv6 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set update-source {string}   Interface to use as source IP/IPv6 address of TCP connections. size[15] - datasource(s): system.interface.name
            set weight {integer}   Neighbor weight. range[0-65535]
            set restart-time {integer}   Graceful restart delay time (sec, 0 = global default). range[0-3600]
            set password {password_string}   Password used in MD5 authentication. size[128]
            config conditional-advertise
                edit {advertise-routemap}
                # Conditional advertisement.
                    set advertise-routemap {string}   Name of advertising route map. size[35] - datasource(s): router.route-map.name
                    set condition-routemap {string}   Name of condition route map. size[35] - datasource(s): router.route-map.name
                    set condition-type {exist | non-exist}   Type of condition.
                            exist      True if condition route map is matched.
                            non-exist  True if condition route map is not matched.
                next
        next
    config neighbor-group
        edit {name}
        # BGP neighbor group table.
            set name {string}   Neighbor group name. size[45]
            set advertisement-interval {integer}   Minimum interval (sec) between sending updates. range[1-600]
            set allowas-in-enable {enable | disable}   Enable/disable IPv4 Enable to allow my AS in AS path.
            set allowas-in-enable6 {enable | disable}   Enable/disable IPv6 Enable to allow my AS in AS path.
            set allowas-in {integer}   IPv4 The maximum number of occurrence of my AS number allowed. range[1-10]
            set allowas-in6 {integer}   IPv6 The maximum number of occurrence of my AS number allowed. range[1-10]
            set attribute-unchanged {as-path | med | next-hop}   IPv4 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set attribute-unchanged6 {as-path | med | next-hop}   IPv6 List of attributes that should be unchanged.
                    as-path   AS path.
                    med       MED.
                    next-hop  Next hop.
            set activate {enable | disable}   Enable/disable address family IPv4 for this neighbor.
            set activate6 {enable | disable}   Enable/disable address family IPv6 for this neighbor.
            set bfd {enable | disable}   Enable/disable BFD for this neighbor.
            set capability-dynamic {enable | disable}   Enable/disable advertise dynamic capability to this neighbor.
            set capability-orf {none | receive | send | both}   Accept/Send IPv4 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-orf6 {none | receive | send | both}   Accept/Send IPv6 ORF lists to/from this neighbor.
                    none     None.
                    receive  Receive ORF lists.
                    send     Send ORF list.
                    both     Send and receive ORF lists.
            set capability-graceful-restart {enable | disable}   Enable/disable advertise IPv4 graceful restart capability to this neighbor.
            set capability-graceful-restart6 {enable | disable}   Enable/disable advertise IPv6 graceful restart capability to this neighbor.
            set capability-route-refresh {enable | disable}   Enable/disable advertise route refresh capability to this neighbor.
            set capability-default-originate {enable | disable}   Enable/disable advertise default IPv4 route to this neighbor.
            set capability-default-originate6 {enable | disable}   Enable/disable advertise default IPv6 route to this neighbor.
            set dont-capability-negotiate {enable | disable}   Don't negotiate capabilities with this neighbor
            set ebgp-enforce-multihop {enable | disable}   Enable/disable allow multi-hop EBGP neighbors.
            set link-down-failover {enable | disable}   Enable/disable failover upon link down.
            set stale-route {enable | disable}   Enable/disable stale route after neighbor down.
            set next-hop-self {enable | disable}   Enable/disable IPv4 next-hop calculation for this neighbor.
            set next-hop-self6 {enable | disable}   Enable/disable IPv6 next-hop calculation for this neighbor.
            set override-capability {enable | disable}   Enable/disable override result of capability negotiation.
            set passive {enable | disable}   Enable/disable sending of open messages to this neighbor.
            set remove-private-as {enable | disable}   Enable/disable remove private AS number from IPv4 outbound updates.
            set remove-private-as6 {enable | disable}   Enable/disable remove private AS number from IPv6 outbound updates.
            set route-reflector-client {enable | disable}   Enable/disable IPv4 AS route reflector client.
            set route-reflector-client6 {enable | disable}   Enable/disable IPv6 AS route reflector client.
            set route-server-client {enable | disable}   Enable/disable IPv4 AS route server client.
            set route-server-client6 {enable | disable}   Enable/disable IPv6 AS route server client.
            set shutdown {enable | disable}   Enable/disable shutdown this neighbor.
            set soft-reconfiguration {enable | disable}   Enable/disable allow IPv4 inbound soft reconfiguration.
            set soft-reconfiguration6 {enable | disable}   Enable/disable allow IPv6 inbound soft reconfiguration.
            set as-override {enable | disable}   Enable/disable replace peer AS with own AS for IPv4.
            set as-override6 {enable | disable}   Enable/disable replace peer AS with own AS for IPv6.
            set strict-capability-match {enable | disable}   Enable/disable strict capability matching.
            set default-originate-routemap {string}   Route map to specify criteria to originate IPv4 default. size[35] - datasource(s): router.route-map.name
            set default-originate-routemap6 {string}   Route map to specify criteria to originate IPv6 default. size[35] - datasource(s): router.route-map.name
            set description {string}   Description. size[63]
            set distribute-list-in {string}   Filter for IPv4 updates from this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-in6 {string}   Filter for IPv6 updates from this neighbor. size[35] - datasource(s): router.access-list6.name
            set distribute-list-out {string}   Filter for IPv4 updates to this neighbor. size[35] - datasource(s): router.access-list.name
            set distribute-list-out6 {string}   Filter for IPv6 updates to this neighbor. size[35] - datasource(s): router.access-list6.name
            set ebgp-multihop-ttl {integer}   EBGP multihop TTL for this peer. range[1-255]
            set filter-list-in {string}   BGP filter for IPv4 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-in6 {string}   BGP filter for IPv6 inbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out {string}   BGP filter for IPv4 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set filter-list-out6 {string}   BGP filter for IPv6 outbound routes. size[35] - datasource(s): router.aspath-list.name
            set interface {string}   Interface size[15] - datasource(s): system.interface.name
            set maximum-prefix {integer}   Maximum number of IPv4 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix6 {integer}   Maximum number of IPv6 prefixes to accept from this peer. range[1-4294967295]
            set maximum-prefix-threshold {integer}   Maximum IPv4 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-threshold6 {integer}   Maximum IPv6 prefix threshold value (1 - 100 percent). range[1-100]
            set maximum-prefix-warning-only {enable | disable}   Enable/disable IPv4 Only give warning message when limit is exceeded.
            set maximum-prefix-warning-only6 {enable | disable}   Enable/disable IPv6 Only give warning message when limit is exceeded.
            set prefix-list-in {string}   IPv4 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-in6 {string}   IPv6 Inbound filter for updates from this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set prefix-list-out {string}   IPv4 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list.name
            set prefix-list-out6 {string}   IPv6 Outbound filter for updates to this neighbor. size[35] - datasource(s): router.prefix-list6.name
            set remote-as {integer}   AS number of neighbor. range[1-4294967295]
            set local-as {integer}   Local AS number of neighbor. range[0-4294967295]
            set local-as-no-prepend {enable | disable}   Do not prepend local-as to incoming updates.
            set local-as-replace-as {enable | disable}   Replace real AS with local-as in outgoing updates.
            set retain-stale-time {integer}   Time to retain stale routes. range[0-65535]
            set route-map-in {string}   IPv4 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-in6 {string}   IPv6 Inbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out {string}   IPv4 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set route-map-out6 {string}   IPv6 Outbound route map filter. size[35] - datasource(s): router.route-map.name
            set send-community {standard | extended | both | disable}   IPv4 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set send-community6 {standard | extended | both | disable}   IPv6 Send community attribute to neighbor.
                    standard  Standard.
                    extended  Extended.
                    both      Both.
                    disable   Disable
            set keep-alive-timer {integer}   Keep alive timer interval (sec). range[0-65535]
            set holdtime-timer {integer}   Interval (sec) before peer considered dead. range[3-65535]
            set connect-timer {integer}   Interval (sec) for connect timer. range[0-65535]
            set unsuppress-map {string}   IPv4 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set unsuppress-map6 {string}   IPv6 Route map to selectively unsuppress suppressed routes. size[35] - datasource(s): router.route-map.name
            set update-source {string}   Interface to use as source IP/IPv6 address of TCP connections. size[15] - datasource(s): system.interface.name
            set weight {integer}   Neighbor weight. range[0-65535]
            set restart-time {integer}   Graceful restart delay time (sec, 0 = global default). range[0-3600]
        next
    config neighbor-range
        edit {id}
        # BGP neighbor range table.
            set id {integer}   Neighbor range ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Neighbor range prefix.
            set max-neighbor-num {integer}   Maximum number of neighbors. range[1-1000]
            set neighbor-group {string}   Neighbor group name. size[63] - datasource(s): router.bgp.neighbor-group.name
        next
    config neighbor-range6
        edit {id}
        # BGP IPv6 neighbor range table.
            set id {integer}   IPv6 neighbor range ID. range[0-4294967295]
            set prefix6 {ipv6 network}   IPv6 prefix.
            set max-neighbor-num {integer}   Maximum number of neighbors. range[1-1000]
            set neighbor-group {string}   Neighbor group name. size[63] - datasource(s): router.bgp.neighbor-group.name
        next
    config network
        edit {id}
        # BGP network table.
            set id {integer}   ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Network prefix.
            set backdoor {enable | disable}   Enable/disable route as backdoor.
            set route-map {string}   Route map to modify generated route. size[35] - datasource(s): router.route-map.name
        next
    config network6
        edit {id}
        # BGP IPv6 network table.
            set id {integer}   ID. range[0-4294967295]
            set prefix6 {ipv6 network}   Network IPv6 prefix.
            set backdoor {enable | disable}   Enable/disable route as backdoor.
            set route-map {string}   Route map to modify generated route. size[35] - datasource(s): router.route-map.name
        next
    config redistribute
        edit {name}
        # BGP IPv4 redistribute table.
            set name {string}   Distribute list entry name. size[35]
            set status {enable | disable}   Status
            set route-map {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config redistribute6
        edit {name}
        # BGP IPv6 redistribute table.
            set name {string}   Distribute list entry name. size[35]
            set status {enable | disable}   Status
            set route-map {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config admin-distance
        edit {id}
        # Administrative distance modifications.
            set id {integer}   ID. range[0-4294967295]
            set neighbour-prefix {ipv4 classnet}   Neighbor address prefix.
            set route-list {string}   Access list of routes to apply new distance to. size[35] - datasource(s): router.access-list.name
            set distance {integer}   Administrative distance to apply (1 - 255). range[1-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

About BGP timers:

The BGP timers are just to allow for faster route convergence in the case an interface goes down. You can experiment with these settings based on your needs/requirements:

holdtime-timer — how long the router will wait for a keepalive message before declaring a router offline. A shorter time will find an off-line router faster.

keepalive-timer — how often the router sends out keepalive messages to neighbor routers to maintain those sessions.

advertising-interval -- Set the minimum amount of time (in seconds) that the FortiGate unit waits before sending a BGP routing update to the BGP neighbor.

scan-time -- Configure the background scanner interval (in seconds) for next-hop route scanning.

as {integer}

Enter an integer to specify the local autonomous system (AS) number of the FortiGate. The range is from 1 to
4 294 967 295. A value of 0 disables BGP (disabled by default).

When local_as_id number is different than remote-as of the specified BGP neighbor, an External BGP (EBGP) session is started. Otherwise, an Internal BGP (IBGP) session is started.

bestpath-med-missing-as-worst {enable | disable}

Note: This field is only available when bestpath-med-confed is enabled.

Enable or disable (by default) treating any confederation path with a missing MED metric as the least preferred path.

client-to-client-reflection {enable | disable}

Enable (by default) or disable client-to-client route reflection between IBGP peers. If the clients are fully meshed, route reflection may be disabled.

cluster-id {ipv4 address any}

Set the identifier of the route reflector in the cluster ID to which the FortiGate belongs. If 0 is specified, the FortiGate operates as the route reflector and its router-id value is used as the cluster-id value. If the FortiGate identifies its own cluster ID in the CLUSTER_LIST attribute of a received route, the route is ignored to prevent looping.

dampening {enable | disable}

Enable or disable (by default) route-flap dampening on all BGP routes. A flapping route is unstable and continually transitions down and up (see RFC 2439).

If you enable dampening, you may optionally set dampening-route-map or define the associated values individually using the dampening-* fields.

dampening-max-suppress-time <minutes>

Note: This field is only available when dampening is enabled.

Set the maximum time that a route can be suppressed (1 to 255 minutes, default = 60). A route may continue to accumulate penalties while it is suppressed. However, the route cannot be suppressed longer than the maximum time.

dampening-reachability-half-life <minutes>

Note: This field is only available when dampening is enabled.

Set the time after which any penalty assigned to a reachable (but flapping) route is decreased by half (1 to 45 minutes, default = 15).

dampening-reuse {integer}

Note: This field is only available when dampening is enabled.

Set a dampening reuse limit based on the number of accumulated penalties (1 to 20 000, default = 750). If the penalty assigned to a flapping route decreases enough to fall below the specified limit, the route is not suppressed.

dampening-route-map <route map>

Note: This field is only available when dampening is enabled.

Specify the route map that contains criteria for dampening. You must create a route map before it can be selected here, see router route-map.

dampening-suppress {integer}

Note: This field is only available when dampening is enabled.

Set a dampening-suppression limit based on the number of accumulated penalties (1 to 20 000, default = 2 000). A route is suppressed (not advertised) when its penalty exceeds the specified limit.

dampening-unreachability-half-life <minutes>

Note: This field is only available when dampening is enabled.

Set the time after which the penalty on a route that is considered unreachable is decreased by half (1 to 45 minutes, default = 15).

distance-external {integer}

Set the administrative distance of EBGP routes (1 to 255, default = 20). If you set this value, you must also set distance-internal and distance-local.

distance-internal {integer}

Note: This field is only available when distance-external is set.

Set the administrative distance of IBGP routes (1 to 255, default = 200).

distance-local {integer}

Note: This field is only available when distance-external is set.

Set the administrative distance of local BGP routes (1 to 255, default = 200).

graceful-restart {disable | enable}

Enable or disable (by default) BGP support for the graceful restart feature.

Graceful restart limits the effects of software problems by allowing forwarding to continue when the control plane of the router fails. It also reduces routing flaps by stabilizing the network.

graceful-restart-time <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time needed for neighbors to restart after a graceful restart (1 to 3600 seconds, default = 120).

graceful-stalepath-time <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time to hold stale paths of restarting neighbors (1 to 3600 seconds, default = 360).

graceful-update-delay <seconds>

Note: This field is only available when graceful-restart is enabled.

Set the time that route advertisement and selection is delayed after a graceful restart (1 to 3600 seconds, default = 120)

router-id {ipv4 address any}

Specify a fixed identifier for the FortiGate. A value of 0.0.0.0 is not allowed. If router-id is not explicitly set, the highest IP address of the VDOM will be used.

config admin-distance

Use this subcommand to set administrative distance modifications for bgp routes.

route-list <access list>

The list of routes this distance will be applied to. The routes in this list must have been configured in the access list, see router {access-list | access-list6}.

config aggregate-address, config aggregate-address6

Use this subcommand to set or unset BGP aggregate-address table parameters. The subcommand creates a BGP aggregate entry in the routing table. Use aggregate-address for IPv4 routing and aggregate-address6 for IPv6 routing.

When you aggregate routes, routing becomes less precise because path details are not readily available for routing purposes. The aggregate address represents addresses in several autonomous systems. Aggregation reduces the length of the network mask until it masks only the bits that are common to all of the addresses being summarized.

as-set {enable | disable}

Enable or disable (by default) the generation of an unordered list of AS numbers to include in the path information. When enabled, a set-atomic-aggregate value does not have to be specified.

config neighbor

Use this subcommand to set or unset BGP neighbor configuration settings. The subcommand adds a BGP neighbor configuration to the FortiGate.

allowas-in {integer}

Note: This field is available when allowas-in-enable is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv4).

allowas-in6 {integer}

Note: This field is available when allowas-in-enable6 is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv6).

attribute-unchanged {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv4):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

attribute-unchanged6 {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv6):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

capability-orf {none | receive | send | both}

Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor using one of the following methods (IPv4)

  • none: disable the advertising of ORF prefix-list capability (default).
  • receive: enable receive capability.
  • send: enable send capability.
  • both: enable send and receive capability.

distribute-list-in <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-in6 <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out6 <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

ebgp-multihop-ttl <hop counts>

Note: This field is available when ebgp-enforce-multihop is enabled.

Define a TTL value for BGP packets sent to the BGP neighbor (1 - 255 hop counts, default = 255)

filter-list-in <access list>

Limit inbound BGP routes according to the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-in6 <access list>

Limit inbound BGP routes according to the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out <access list>

Limit outbound BGP routes according to the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out6 <access list>

Limit outbound BGP routes according to the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

holdtime-timer <seconds>

Note: This field is available when graceful-restart is enabled.

The amount of time that must expire before the FortiGate declares the BGP neighbor down (3 - 65 535 seconds, no default). This value overrides the global holdtime-timer value.

maximum-prefix {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv4). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix6 {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv6). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix-threshold {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed (1 - 100, default = 75) (IPv4).

maximum-prefix-threshold6 {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed(1 - 100, default = 75) (IPv6).

maximum-prefix-warning-only {enable | disable}

Note: This field is available when maximum-prefix is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv4).

maximum-prefix-warning-only6 {enable | disable}

Note: This field is available when maximum-prefix6 is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv6).

prefix-list-in {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-in6 {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out6 {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

remote-as {integer}

Adds a BGP neighbor to the FortiGate configuration and sets the AS number of the neighbor (1 - 65 535, no default).

If the number is identical to the AS number of the FortiGate, the FortiGate communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer and the FortiGate uses EBGP to communicate with the neighbor.

retain-stale-time <seconds>

Note: This field is available when capability-graceful-restart is enabled.

Specify the time that stale routes to the BGP neighbor will be retained (1 - 65 535 seconds, default = 0).

route-map-in <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-in6 <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-map-out <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-out6 <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

send-community {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv4):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

send-community6 {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv6):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

unsuppress-map <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv4). You must create the route map before it can be selected here, see router route-map.

unsuppress-map6 <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv6). You must create the route map before it can be selected here, see router route-map.

config conditional-advertise

Use this subcommand to set BGP conditional advertising.

advertise-routemap <route map>

Specify the name of the advertising route map. You must create the route map before it can be selected here, see router route-map.

condition-routemap <route map>

Specify the name of the condition route map. You must create the route map before it can be selected here, see router route-map.

condition-type {exist | non‑exist}

Select the type of condition: exist if route map is matched (default), non-exist if route map is not matched.

config neighbor-group

Use this subcommand to set or unset BGP neighbor group settings.

allowas-in {integer}

Note: This field is available when allowas-in-enable is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv4).

allowas-in6 {integer}

Note: This field is available when allowas-in-enable6 is enabled.

Set the maximum number of occurrences your AS number is allowed in (IPv6).

attribute-unchanged {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv4):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

attribute-unchanged6 {as-path | med | next-hop}

Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (IPv6):

  • To advertise unchanged AS_PATH attributes, select as-path.
  • To advertise unchanged MULTI_EXIT_DISC attributes, select med.
  • To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
  • An empty set (default) is a supported value.

capability-orf {none | receive | send | both}

Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor using one of the following methods (IPv4)

  • none: disable the advertising of ORF prefix-list capability (default).
  • receive: enable receive capability.
  • send: enable send capability.
  • both: enable send and receive capability.

default-originate-routemap <route map>

Set the route map used to specify criterial to originate default (IPv4). You must create the route map before it can be selected here,see router route-map.

default-originate-routemap6 <route map>

Set the route map used to specify criterial to originate default (IPv6). You must create the route map before it can be selected here,see router route-map.

distribute-list-in <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-in6 <access list>

Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

distribute-list-out6 <access list>

Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list (IPv6). You must create the access list before it can be selected here, see router {access-list | access-list6}.

ebgp-multihop-ttl <hop counts>

Note: This field is available when ebgp-enforce-multihop is enabled.

Define a TTL value for BGP packets sent to the BGP neighbor (1 - 255 hop counts, default = 255)

filter-list-in <access list>

Limit inbound BGP routes according to the specified AS-path list (IPv4). You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-in6 <access list>

Limit inbound BGP routes according to the specified AS-path list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out <access list>

Limit outbound BGP routes according to the specified AS-path list (IPv4).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

filter-list-out6 <access list>

Limit outbound BGP routes according to the specified AS-path list (IPv6).

You must create the access list before it can be selected here, see router {access-list | access-list6}.

holdtime-timer {integer}

Note: This field is available when graceful-restart is enabled.

The amount of time that must expire before the FortiGate declares the BGP neighbor down (3 - 65 535 seconds, no default). This value overrides the global holdtime-timer value.

maximum-prefix {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv4). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix6 {integer}

Set the maximum number of NLRI prefixes to accept from the BGP neighbor (1 - 4 294 967 295, no default) (IPv6). When the maximum is reached, the FortiGate disconnects the BGP neighbor.

Changing this value on the FortiGate does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the value afterward, the neighbor will be reset.

maximum-prefix-threshold {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed (1 - 100, default = 75) (IPv4).

maximum-prefix-threshold6 {integer}

Note: This field is available when maximum-prefix is set.

Specify the threshold that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed(1 - 100, default = 75) (IPv6).

maximum-prefix-warning-only {enable | disable}

Note: This field is available when maximum-prefix is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv4).

maximum-prefix-warning-only6 {enable | disable}

Note: This field is available when maximum-prefix6 is set.

Enable or disable (by default) the display of a warning when the maximum-prefix-threshold has been reached (IPv6).

prefix-list-in {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-in6 {string}

Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv4). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

prefix-list-out6 {string}

Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list (IPv6). The prefix list defines the NLRI prefix and length advertised in a route.

You must create the prefix list before it can be selected here, see router {prefix-list | prefix-list6}.

remote-as {integer}

Adds a BGP neighbor to the FortiGate configuration and sets the AS number of the neighbor (1 - 65 535, no default).

If the number is identical to the AS number of the FortiGate, the FortiGate communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer and the FortiGate uses EBGP to communicate with the neighbor.

retain-stale-time {integer}

Note: This field is available when capability-graceful-restart is enabled.

Specify the time that stale routes to the BGP neighbor will be retained (1 - 65 535 seconds, default = 0).

route-map-in <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-in6 <route map>

Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-map-out <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv4). You must create the route map before it can be selected here, see router route-map.

route-map-out6 <route map>

Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map (IPv6). You must create the route map before it can be selected here, see router route-map.

route-reflector-client {enable | disable}

Note: This field is available when remote-as is identical to the FortiGate AS number.

Enable or disable (by default) the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route reflector client (IPv4).

Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while outbound IBGP routes do not take into effect these attributes.

route-reflector-client6 {enable | disable}

Note: This field is available when remote-as is identical to the FortiGate AS number.

Enable or disable (by default) the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route reflector client (IPv6).

Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while outbound IBGP routes do not take into effect these attributes.

send-community {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv4):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

send-community6 {standard | extended | both | disable}

Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (IPv6):

  • standard: advertise standard capabilities
  • extended: advertise extended capabilities
  • both: advertise extended and standard capabilities (default)
  • disable: disable the advertising of the COMMUNITY attribute

unsuppress-map <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv4). You must create the route map before it can be selected here, see router route-map.

unsuppress-map6 <route map>

Specify the name of the route map to selectively unsuppress suppressed routes (IPv6). You must create the route map before it can be selected here, see router route-map.

config neighbor-range, config neighbor-range6

Use this subcommand to set or unset BGP neighbor range settings. Use neigbor-range for IPv4 and neighbor-range6 for IPv6.

neighbor-group {string}

Specify the name of the neighbor group. You must create the group before it may be selected here.

config network, config network6

Use this subcommand to set or unset BGP network configuration parameters. The subcommand is used to advertise a BGP network by specifying the IP addresses making up the local BGP network. Use network for IPv4 and network6 for IPv6.

route-map <route map>

Specify the name of the route map that will be used to modify the attributes of the route before it is advertised. You must create the route map before it can be selected here, see router route-map.

config redistribute, config redistribute6 {connected | isis | static | rip | ospf}

Use this subcommand to set or unset BGP redistribution table parameters. Use redistribute for IPv4 and redistribute6 for IPv6.

You can enable BGP to provide connectivity between connected, static, RIP, and/or OSPF routes. BGP redistributes the routes from one protocol to another. When a large internetwork is divided into multiple routing domains, use the subcommand to redistribute routes to the various domains.

The BGP redistribution table contains five static entries. You cannot add entries to the table. The entries are defined as follows:

  • connected: Redistribute routes learned from a direct connection to the destination network
  • isis: Redistribute routes learned from ISIS
  • static: Redistribute the static routes defined in the FortiGate unit routing table
  • rip: Redistribute routes learned from RIP
  • ospf: Redistribute routes learned from OSPF

route-map <route map>

Specify the name of the route map that identifies the routes to redistribute. If a route map is not specified, all routes are redistributed to BGP. You must create the route map before it can be selected here, see router route-map.