# config firewall vip
edit "nat-in "
set extip 10.20.10.10
set mappedip "192.168.1.1"
set extintf "any"
set arp-reply disable
next
end

BGP configuration.
# config router bgp
set as xx
set router-id 10.20.10.10
set graceful-restart enable
# config neighbor
edit "10.20.10.9"
set interface "port1"
set remote-as xx
next
end
end

To establish BGP peering, the neighbors must form a TCP connection on port 179.
Local port: 10457
Foreign port: 179

The FortiGate is using local TCP port 10457, and the remote BGP neighbor is using port 179.
# get router info bgp neighbors 10.20.10.9
……
Connections established 3; dropped 2
External BGP neighbor may be up to 255 hops away.
local host: 10.20.10.10, Local port: 10457
Foreign host: 10.20.10.9, Foreign port: 179
Nexthop: 10.20.10.10
Nexthop interface: ports

2) BGP peering not working if traffic is initiated by the remote BGP neighbor:
Local port: 179
Foreign port: 8097

The remote BGP neighbor is using TCP port 8097 and connects to port 179 on the FortiGate.
# get router info bgp neighbors 10.20.10.9
……
Connections established 1; dropped 0
External BGP neighbor may be up to 255 hops away.
local host: 192.168.1.1, Local port: 179
Foreign host: 10.20.10.9, Foreign port: 8097
Nexthop: 192.168.1.1
Nexthop interface: loopback

The above output shows that the FortiGate's local host is 192.168.1.1, which is the VIP mapped IP address, instead of 10.20.10.10.
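
A check for the condition seen in the two neighbor outputs, as an added example (not Fortinet code): it parses the local/foreign host lines of the get router info bgp neighbors output, infers which side opened the TCP session from which end holds port 179, and flags a local host that equals a VIP mapped IP. The function names and the embedded sample text are assumptions, constructed from the values on this page.

```python
import re

# Constructed samples: the local/foreign host lines from the two outputs on this page.
OUTBOUND = """\
local host: 10.20.10.10, Local port: 10457
Foreign host: 10.20.10.9, Foreign port: 179
"""
INBOUND = """\
local host: 192.168.1.1, Local port: 179
Foreign host: 10.20.10.9, Foreign port: 8097
"""

BGP_PORT = 179
_LOCAL = re.compile(r"local host:\s*([\d.]+),\s*Local port:\s*(\d+)", re.I)
_FOREIGN = re.compile(r"Foreign host:\s*([\d.]+),\s*Foreign port:\s*(\d+)", re.I)


def parse_session(text):
    """Extract the TCP 4-tuple from 'get router info bgp neighbors' output."""
    local, foreign = _LOCAL.search(text), _FOREIGN.search(text)
    if not (local and foreign):
        raise ValueError("no local/foreign host lines found")
    return {
        "local_host": local.group(1), "local_port": int(local.group(2)),
        "foreign_host": foreign.group(1), "foreign_port": int(foreign.group(2)),
    }


def check_session(text, expected_local, vip_mapped_ips):
    """Return (initiator, findings) for one neighbor's TCP session."""
    s = parse_session(text)
    # The end holding port 179 accepted the connection; the other end opened it.
    if s["local_port"] == BGP_PORT and s["foreign_port"] != BGP_PORT:
        initiator = "remote"
    elif s["foreign_port"] == BGP_PORT and s["local_port"] != BGP_PORT:
        initiator = "local"
    else:
        initiator = "unknown"
    findings = []
    if s["local_host"] in vip_mapped_ips:
        findings.append("local host %s is a VIP mapped IP" % s["local_host"])
    elif s["local_host"] != expected_local:
        findings.append("local host %s != expected %s" % (s["local_host"], expected_local))
    return initiator, findings
```

Pass the expected peering address (10.20.10.10 here) and the set of mappedip values from the firewall VIP configuration; an empty findings list means the session terminates on the expected address.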