ADVPN with BGP as the routing protocol

This is a sample configuration of ADVPN with BGP as the routing protocol. The following options must be enabled for this configuration:

  • On the hub FortiGate, net-device must be disabled on the IPsec phase1-interface (set net-device disable).

  • IBGP must be used between the hub and spoke FortiGates.

  • bgp neighbor-group/neighbor-range must be reused.
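
The three prerequisites above can be verified against a hub configuration backup before the tunnels are brought up. The following Python check is an added example, not part of the original page or Fortinet tooling. It assumes `show full-configuration` output (so default values are printed) with nested blocks indented, reads "reused" as a neighbor-range bound to a neighbor-group, and runs on a constructed sample (tunnel name advpn-hub, AS 65412, prefix 10.10.10.0/24).

```python
import re

# Constructed hub excerpt: tunnel name, AS number and prefix are sample values.
SAMPLE_HUB = """\
config vpn ipsec phase1-interface
    edit "advpn-hub"
        set type dynamic
        set interface "port9"
        set net-device disable
    next
end
config router bgp
    set as 65412
    config neighbor-group
        edit "advpn"
            set remote-as 65412
        next
    end
    config neighbor-range
        edit 1
            set prefix 10.10.10.0 255.255.255.0
            set neighbor-group "advpn"
        next
    end
end
"""

def section(cfg, header):
    """Body of a top-level 'config <header>' block (assumes nested blocks are indented)."""
    m = re.search(rf"^config {re.escape(header)}\n(.*?)^end\s*$", cfg, re.M | re.S)
    return m.group(1) if m else ""

def check_hub(cfg):
    """Return the list of unmet prerequisites; an empty list means all three hold."""
    problems = []
    p1 = section(cfg, "vpn ipsec phase1-interface")
    if not re.search(r"^\s*set net-device disable\s*$", p1, re.M):
        problems.append("phase1-interface: net-device is not disabled")
    bgp = section(cfg, "router bgp")
    local_as = re.search(r"^\s*set as (\d+)\s*$", bgp, re.M)
    remote = re.findall(r"^\s*set remote-as (\d+)\s*$", bgp, re.M)
    if not local_as or not remote or any(r != local_as.group(1) for r in remote):
        problems.append("bgp: not IBGP (every remote-as must equal the local as)")
    # Assumption: "reused" means a neighbor-range that points at a neighbor-group.
    referenced = re.findall(r'^\s*set neighbor-group "([^"]+)"', bgp, re.M)
    if "config neighbor-group" not in bgp or not referenced:
        problems.append("bgp: no neighbor-range bound to a neighbor-group")
    return problems
```

A plain `show` omits settings left at their default, so a missing net-device line in that output does not by itself mean the option is enabled.
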

To configure ADVPN with BGP as the routing protocol using the CLI:
  1. Configure the hub FortiGate WAN interface, internal interface, and a static route:

    config system interface
        edit "port9"
            set alias "WAN"
            set ip 22.1.1.1 255.255.255.0
        next
        edit "port10"
            set alias "Internal"
            set ip 172.16.101.1 255.255.255.0
        next
    end
    config router static
        edit 1
            set gateway 22.1.1.2
            set device "port9"
        next
    end
  2. Configure the hub FortiGate:

    1. Configure the hub FortiGate IPsec phase1-interface and phase2-interface:

      config vpn ipse