Using firewall addresses and groups for BGP network prefixes
Firewall addresses (ipmask
and interface-subnet
types) and groups can be used for BGP prefixes.
config firewall address edit <address> set allow-routing {enable | disable} next end config firewall addrgrp edit <group> set allow-routing {enable | disable} next end config router bgp config network edit <id> set prefix-name <address or group> next end end
allow-routing {enable | disable} |
Enable/disable use of this address/group in routing configurations. |
prefix-name <address or group> |
Name of firewall address or address group. |
To configure firewall addresses and groups and use them in BGP network prefixes:
-
Configure firewall addresses and groups with allow-routing enabled:
config firewall address edit "222" set allow-routing enable set subnet 22.2.3.0 255.255.255.0 next edit "333" set allow-routing enable set subnet 33.1.1.0 255.255.255.0 next edit "555" set type interface-subnet set allow-routing enable set subnet 66.6.2.0 255.255.255.0 set interface "port6" next edit "vlan55 address" set type interface-subnet set allow-routing enable set subnet 55.2.2.0 255.255.255.0 set interface "vlan55" next end
config firewall addrgrp edit "group1" set allow-routing enable set member "222" "555" next end
-
Configure BGP network prefixes
config router bgp ... config network edit 2 set prefix-name "333" next edit 20 set network-import-check disable set prefix-name "group1" next edit 66 set prefix-name "vlan55 address" next end ... end