Enable BGP on the Firewall, Firewall Cluster, or Virtual Firewall

You must enable BGP for the Firewall, Firewall Cluster, or Virtual Firewall in the Engine Editor.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an engine, then select Edit <element type>.
  3. In the navigation pane on the left, browse to Routing > Dynamic Routing.
  4. In the BGP section, select Enabled.
  5. (Optional) Enter the Router ID in the Router ID field.
  6. If you do not want to use the default BGP Profile, select another BGP Profile element from the BGP Profile drop-down list.
  7. Select an Autonomous System element from the Autonomous System drop-down list.
  8. (Optional) To add Announced Networks, click Add.
    You can add hosts, networks, or groups that contain both hosts and networks.
  9. (Optional) To add a network to the Antispoofing pane, click Add next to the Additional Networks to Automatically Add to Antispoofing table.
    You can add hosts, networks, or groups that contain both hosts and networks.
  10. Click Save.

Next steps

You are now ready to add a BGP Peering element to the engine on the Routing branch.

Engine Editor > Routing > Dynamic Routing

Use this branch to configure dynamic routing for the engine. Dynamic routing enables firewalls to automatically change their routing when the network topology changes.

Option Definition
BGP section
Enabled When selected, the BGP protocol for dynamic routing is enabled.
Router ID Enter an ID for the Firewall. The ID must be unique. Often, the global IPv4 address is the ID. By default, the Router ID is automatically the loopback CVI address or the highest CVI address available on the Firewall Cluster.
BGP Profile Select the BGP Profile to use. The element contains distance, redistribution, and aggregation settings.
Autonomous System Select the Autonomous System (AS) to use. An AS represents a whole network or a series of networks.
Announced Networks table You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.
Option Definition
OSPFv2 section
Enabled When selected, the OSPFv2 protocol for dynamic routing is enabled.
Router ID Enter an ID for the Firewall.
OSPFv2 Profile Select the OSPFv2 Profile to use. The element contains distance, redistribution, and aggregation settings.
Additional Networks to Automatically Add to Antispoofing Elements that you add are automatically added under all interfaces (that have dynamic routing elements configured) on the Antispoofing branch in the Engine Editor. You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.
Option Definition
Equal Cost Multi Path Count

(Optional, BGP only)

Enter the number of paths in the operating system routing table that have an equal routing priority for multi-path routing.
Additional Networks to Automatically Add to Antispoofing

(Optional, all protocols)

Elements that you add are automatically added under all interfaces (that have dynamic routing elements configured) on the Antispoofing branch in the Engine Editor. You can add hosts, networks, or groups that contain both hosts and networks. Click Add to add an element to the table, or Remove to remove the selected element.