Add static route tag and BGP neighbor password 7.2.4

This information is also available in the FortiOS 7.2 Administration Guide:

The following routing extensions are added:

  • Static route tags:

    config router static
        edit <seq-num>
            set tag <id>
        next
    end
  • BGP neighbor passwords (used for the neighbor range):

    config router bgp
        config neighbor-group
            edit <name>
                set password <password>
            next
        end
    end

Example 1

In this example, a static route is configured with a route tag. The route tag is then matched in the route map, which sets the route's metric before the route is advertised to the BGP neighbor.

To configure the FortiGate:
  1. Configure the static route:

    config router static
        edit 1
            set dst 77.7.7.7 255.255.255.255
            set distance 2
            set device "R560"
            set tag 565
        next
    end
  2. Configure the route map:

    config router route-map
        edit "map1"
            config rule
                edit 2
                    set match-tag 565
                    set set-metric 2301
                next
            end
        next
    end
  3. Configure the BGP neighbor:

    config router bgp
        config neighbor
            edit "10.100.1.2"
                set route-map-out "map1"
            next
        end
    end

    On its neighbor side, router R1 receives the advertised route from the FortiGate router R5.

  4. Verify the BGP routing table:

    # get router info routing-table bgp
    Routing table for VRF=0
    B       77.7.7.7/32 [20/2301] via 10.100.1.1 (recursive is directly connected, R150), 03:18:53, [1/0]
  5. Verify the network community:

    # get router info bgp network 77.7.7.7/32
    VRF 0 BGP routing table entry for 77.7.7.7/32
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Advertised to non peer-group peers:
       2.2.2.2 3.3.3.3 10.100.1.5 2000::2:2:2:2
      Original VRF 0
      20
        10.100.1.1 from 10.100.1.1 (5.5.5.5)
          Origin incomplete metric 2301, localpref 200, valid, external, best
          Last update: Wed Oct  5 16:48:28 2022

Example 2

In this example, a BGP neighbor group is configured, and it uses a password to establish the neighbor relationship.

To configure the BGP group:
  1. Configure the R3 FortiGate settings:

    config router bgp
        config neighbor-group
            edit "FGT"
                set soft-reconfiguration enable
                set remote-as 65050
                set local-as 65518
                set local-as-no-prepend enable
                set local-as-replace-as enable
                set route-map-in "del-comm"
                set keep-alive-timer 30
                set holdtime-timer 90
                set update-source "npu0_vlink0"
                set weight 1000
                set password ENC ********
            next
        end
        config neighbor-range
            edit 1
                set prefix 172.16.201.0 255.255.255.0
                set max-neighbor-num 10
                set neighbor-group "FGT"
            next
        end
    end
  2. Configure the R4 router settings:

    config router bgp
        config neighbor
            edit "172.16.201.1"
                set soft-reconfiguration enable
                set remote-as 65518
                set password ********
            next
        end
    end
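
A neighbor-range admits peers from a whole prefix, so the password on the referenced neighbor-group is what authenticates them. The following audit is an added example, not part of the original Fortinet page: it parses a configuration backup and lists every neighbor-range whose neighbor-group sets no password. The sample text is constructed from Example 2; the "BRANCH" group, range 2, and the function names are assumptions.

```python
import shlex

# Constructed sample modelled on Example 2; group "BRANCH" and range 2 are assumptions.
SAMPLE = '''
config router bgp
    config neighbor-group
        edit "FGT"
            set remote-as 65050
            set password ENC ********
        next
        edit "BRANCH"
            set remote-as 65060
        next
    end
    config neighbor-range
        edit 1
            set prefix 172.16.201.0 255.255.255.0
            set neighbor-group "FGT"
        next
        edit 2
            set prefix 172.16.202.0 255.255.255.0
            set neighbor-group "BRANCH"
        next
    end
end
'''

def parse_fortios(text):
    """Nested dicts from CLI text: config/edit open a block, end/next close it."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("end", "next") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = " ".join(tok[2:])
    return stack[0]

def ranges_without_password(cfg):
    """Return (range id, prefix, group) for ranges whose group sets no password."""
    bgp = cfg.get("router bgp", {})
    groups = bgp.get("neighbor-group", {})
    return [(rid, rng.get("prefix"), rng.get("neighbor-group"))
            for rid, rng in bgp.get("neighbor-range", {}).items()
            if not groups.get(rng.get("neighbor-group"), {}).get("password")]

if __name__ == "__main__":
    print(ranges_without_password(parse_fortios(SAMPLE)))
```

A range that references a neighbor-group name missing from the configuration is reported as well, since no password can apply to it.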
