Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Add static route tag and BGP neighbor password 7.2.4

    Add static route tag and BGP neighbor password 7.2.4

    Note

    This information is also available in the FortiOS 7.2 Administration Guide:

    The following routing extensions are added:

    • Static route tags:

      config router static
    edit <seq-num>
        set tag <id>
    next
end

    • BGP neighbor passwords (used for the neighbor range):

      config router bgp
    config neighbor-group
        edit <name>
            set password <password>
        next
    end
end

    Example 1

    In this example, a static route is configured with a route tag. The route tag is then matched in the route map, and used to set the route's metric and advertise to the BGP neighbor.

    To configure the FortiGate:

    1. Configure the static route:

      config router static
    edit 1
        set dst 77.7.7.7 255.255.255.255
        set distance 2
        set device "R560"
        set tag 565
    next
end

    2. Configure the route map:

      config router route-map
    edit "map1"
        config rule
            edit 2
                set match-tag 565
                set set-metric 2301
            next
        end
    next
end

    3. Configure the BGP neighbor:

      config router bgp
    config neighbor
        edit "10.100.1.2"
            set route-map-out "map1"
        next
    end
end

      On its neighbor side, router R1 receives the advertised route from the FortiGate router R5.

    4. Verify the BGP routing table:

      # get router info routing-table bgp
Routing table for VRF=0
B       77.7.7.7/32 [20/2301] via 10.100.1.1 (recursive is directly connected, R150), 03:18:53, [1/0]

    5. Verify the network community:

      # get router info bgp network 77.7.7.7/32
VRF 0 BGP routing table entry for 77.7.7.7/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
   2.2.2.2 3.3.3.3 10.100.1.5 2000::2:2:2:2
  Original VRF 0
  20
    10.100.1.1 from 10.100.1.1 (5.5.5.5)
      Origin incomplete metric 2301, localpref 200, valid, external, best
      Last update: Wed Oct  5 16:48:28 2022

    Example 2

    In this example, a BGP group is configured, and it uses a password to establish the neighborhood.

    To configure the BGP group:

    1. Configure the R3 FortiGate settings:

      config router bgp
    config neighbor-group
        edit "FGT"
            set soft-reconfiguration enable
            set remote-as 65050
            set local-as 65518
            set local-as-no-prepend enable
            set local-as-replace-as enable
            set route-map-in "del-comm"
            set keep-alive-timer 30
            set holdtime-timer 90
            set update-source "npu0_vlink0"
            set weight 1000
            set password ENC ********
        next
    end
    config neighbor-range
        edit 1
            set prefix 172.16.201.0 255.255.255.0
            set max-neighbor-num 10
            set neighbor-group "FGT"
        next
    end
end

    2. Configure the R4 router settings:

      config router bgp
    config neighbor
        edit "172.16.201.1"
            set soft-reconfiguration enable
            set remote-as 65518
            set password ********
        next
    end
end
    Previous
    Next

    Add static route tag and BGP neighbor password 7.2.4

    Add static route tag and BGP neighbor password 7.2.4

    Note

    This information is also available in the FortiOS 7.2 Administration Guide:

    The following routing extensions are added:

    • Static route tags:

      config router static
    edit <seq-num>
        set tag <id>
    next
end

    • BGP neighbor passwords (used for the neighbor range):

      config router bgp
    config neighbor-group
        edit <name>
            set password <password>
        next
    end
end

    Example 1

    In this example, a static route is configured with a route tag. The route tag is then matched in the route map, and used to set the route's metric and advertise to the BGP neighbor.

    To configure the FortiGate:

    1. Configure the static route:

      config router static
    edit 1
        set dst 77.7.7.7 255.255.255.255
        set distance 2
        set device "R560"
        set tag 565
    next
end

    2. Configure the route map:

      config router route-map
    edit "map1"
        config rule
            edit 2
                set match-tag 565
                set set-metric 2301
            next
        end
    next
end

    3. Configure the BGP neighbor:

      config router bgp
    config neighbor
        edit "10.100.1.2"
            set route-map-out "map1"
        next
    end
end

      On its neighbor side, router R1 receives the advertised route from the FortiGate router R5.

    4. Verify the BGP routing table:

      # get router info routing-table bgp
Routing table for VRF=0
B       77.7.7.7/32 [20/2301] via 10.100.1.1 (recursive is directly connected, R150), 03:18:53, [1/0]

    5. Verify the network community:

      # get router info bgp network 77.7.7.7/32
VRF 0 BGP routing table entry for 77.7.7.7/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
   2.2.2.2 3.3.3.3 10.100.1.5 2000::2:2:2:2
  Original VRF 0
  20
    10.100.1.1 from 10.100.1.1 (5.5.5.5)
      Origin incomplete metric 2301, localpref 200, valid, external, best
      Last update: Wed Oct  5 16:48:28 2022

    Example 2

    In this example, a BGP group is configured, and it uses a password to establish the neighborhood.

    To configure the BGP group:

    1. Configure the R3 FortiGate settings:

      config router bgp
    config neighbor-group
        edit "FGT"
            set soft-reconfiguration enable
            set remote-as 65050
            set local-as 65518
            set local-as-no-prepend enable
            set local-as-replace-as enable
            set route-map-in "del-comm"
            set keep-alive-timer 30
            set holdtime-timer 90
            set update-source "npu0_vlink0"
            set weight 1000
            set password ENC ********
        next
    end
    config neighbor-range
        edit 1
            set prefix 172.16.201.0 255.255.255.0
            set max-neighbor-num 10
            set neighbor-group "FGT"
        next
    end
end

    2. Configure the R4 router settings:

      config router bgp
    config neighbor
        edit "172.16.201.1"
            set soft-reconfiguration enable
            set remote-as 65518
            set password ********
        next
    end
end
    Previous
    Next