FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to modify the distance of iBGP or eBGP routes learned from BGP neighbors.
Solution Consider the following example. There is an eBGP neighborship between two FortiGate devices.
** FGT-I **
# config router bgp set as 65101 # config neighbor edit "10.5.20.134" set soft-reconfiguration enable set remote-as 65102 next end # config redistribute "connected" set status enable end end
** FGT-II **
# config router bgp set as 65102 # config neighbor edit "10.5.19.83" set soft-reconfiguration enable set remote-as 65101 next end # config redistribute "connected" set status enable end end
Since connected routes are advertised over BGP peers, FGT-I is learning a BGP route 10.0.0.0/20 from FGT II as shown in routing table below.
FGT-I # get router info routing-table all B 10.0.0.0/20 [20/0] via 10.5.20.134, wan1, 00:00:04
On FGT-I, the external distance of 50 will be defined as shown below.
# config router bgp set distance-external 50 end end
After making changes, it is advised to perform a soft BGP reset.
FGT-I # execute router clear bgp all soft
The route learned from eBGP peer will be advertised now with a distance of 50.
FGT-I # get router info routing-table all B 10.0.0.0/20 [50/0] via 10.5.20.134, wan1, 00:00:00
distance-external Distance for routes external to the AS. integer Minimum value: 1 Maximum value: 255 Default: 20 (eBGP) distance-internal Distance for routes internal to the AS. integer Minimum value: 1 Maximum value: 255 Deafault: 200 (iBGP)
Likewise if a route is learned from an iBGP peer, the default distance is set to a value of 200. This can be modified to another distance value by 'set distance-internal' under BGP settings.
