To establish the BGP session, IP addresses must be assigned to the tunnel interfaces that BGP will use to peer.
The hub IP address is set to the address that the tunnels connect to. The remote IP address is set to highest unused IP address that is part of the tunnel network. This establishes two connected routes directly back to the branch FortiGate in the hub FortiGate's routing table.
Ping is allowed on the virtual interface to confirm that a point to point tunnel has been established between the hub and branch FortiGates.
config system interface edit "vpn-isp-a" set vdom "root" set ip 10.254.0.1 255.255.255.255 set allowaccess ping set type tunnel set remote-ip 10.254.0.254 255.255.255.0 set interface "port2" next edit "vpn-isp-b" set vdom "root" set ip 10.254.1.1 255.255.255.255 set allowaccess ping set type tunnel set remote-ip 10.254.1.254 255.255.255.0 set interface "port3" next end