FortiGate
subramanis
Staff
Article Id 263947

Description

This article describes how the 'set interface' and 'set update-source' BGP neighbor commands operate on a FortiGate device.

 

Scope

Any supported version of FortiGate.

 

Solution

Using set interface <interface_name>:

config router bgp
    set as 65412
    set router-id 1.1.1.1
    config neighbor
        edit "172.16.2.2"
            set interface "port2" <-----------
            set remote-as 65412
        next
    end
end

Sniffer output while the neighbor is configured this way (no outbound SYN to port 179 is ever sent):

diagnose sniffer packet any " port 179 " 4
Using Original Sniffing Mode
interfaces=[any]
filters=[ port 179 ]
^C
0 packets received by filter
0 packets dropped by kernel

 

When 'set interface' is configured under a BGP neighbor, the BGP process only listens for incoming connections to TCP port 179 from that peer. FortiGate acts as a 'passive' BGP peer: it does not initiate the BGP session itself but waits for the remote peer to connect. If the peering goes down for any reason, the neighborship stays inactive (Idle) until the remote BGP peer initiates the session again. The empty sniffer capture above shows this: no SYN to port 179 leaves the FortiGate.

 

Using set update-source <interface_name>:

config router bgp
    set as 65412
    set router-id 1.1.1.1
    config neighbor
        edit "172.16.2.2"
            set remote-as 65412
            set update-source "port2" <-----------
        next
    end
end

Sniffer output while the neighbor is configured this way (FortiGate sends the TCP SYN to the peer's port 179 itself):

diagnose sniffer packet any " port 179 " 4
Using Original Sniffing Mode
interfaces=[any]
filters=[ port 179 ]
0.788186 port2 out 172.16.2.1.8879 -> 172.16.2.2.179: syn 2353844132
2.868132 port2 out 172.16.2.1.8879 -> 172.16.2.2.179: syn 2353844132


When 'set update-source' is configured under a BGP neighbor, FortiGate can initiate the BGP peering itself through that interface and can also accept an incoming BGP connection from the peer. FortiGate behaves as an 'active' BGP peer; the sniffer output above shows the outbound SYNs from port2 to the peer's port 179.
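The difference between the two scenarios above is easy to miss in a large configuration: a neighbor with only 'set interface' will not recover on its own after a flap. The following Python script is an added example (not Fortinet code) that parses 'config router bgp' text in the form shown in this article, predicts per neighbor whether FortiGate will only listen ('set interface') or may also initiate ('set update-source'), and cross-checks that prediction against 'diagnose sniffer packet' output by counting the SYNs FortiGate sent to the peer's port 179. The function names are invented for this example; the sample config and sniffer texts are the article's own.

```python
"""Classify FortiGate BGP neighbors as passive or active and check a capture.

Added example, not Fortinet code. Function names are invented here; the
sample inputs below are copied from the article's two scenarios.
"""
import re
from dataclasses import dataclass
from typing import Optional

# A pure outbound TCP SYN to port 179 in sniffer verbosity-4 output, e.g.
# "0.788186 port2 out 172.16.2.1.8879 -> 172.16.2.2.179: syn 2353844132"
SYN_RE = re.compile(
    r"^\S+\s+\S+\s+out\s+(\d+\.\d+\.\d+\.\d+)\.\d+\s+->\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.179:\s+syn\s+\d+\s*$"
)


@dataclass
class BgpNeighbor:
    peer: str
    remote_as: Optional[str] = None
    interface: Optional[str] = None
    update_source: Optional[str] = None

    @property
    def mode(self) -> str:
        if self.update_source:   # FortiGate may open the session itself
            return "active"
        if self.interface:       # FortiGate only listens for the peer
            return "passive"
        return "default"         # neither set; not covered by the article


def parse_bgp_neighbors(config_text: str) -> list:
    """Walk the 'config neighbor' / 'edit' / 'set' / 'next' lines."""
    neighbors, current, in_table = [], None, False
    for raw in config_text.splitlines():
        line = raw.split("<-")[0].strip()  # drop the article's highlight arrows
        if not line:
            continue
        if line == "config neighbor":
            in_table = True
        elif in_table and line.startswith("edit "):
            current = BgpNeighbor(peer=line[5:].strip().strip('"'))
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            value = value.strip().strip('"')
            if key == "remote-as":
                current.remote_as = value
            elif key == "interface":
                current.interface = value
            elif key == "update-source":
                current.update_source = value
        elif line == "next" and current is not None:
            neighbors.append(current)
            current = None
        elif line == "end":
            in_table = False
    return neighbors


def outbound_bgp_syns(sniffer_text: str) -> dict:
    """Count SYNs FortiGate itself sent to each peer's port 179."""
    counts = {}
    for line in sniffer_text.splitlines():
        m = SYN_RE.match(line.strip())
        if m:
            counts[m.group(2)] = counts.get(m.group(2), 0) + 1
    return counts


def audit(config_text: str, sniffer_text: str) -> list:
    """Pair each neighbor's predicted mode with what the capture shows."""
    syns = outbound_bgp_syns(sniffer_text)
    report = []
    for n in parse_bgp_neighbors(config_text):
        sent = syns.get(n.peer, 0)
        if n.mode == "passive" and sent:
            note = "capture contradicts config: FortiGate sent SYNs"
        elif n.mode == "passive":
            note = "listens only; stays Idle after a flap until the peer reconnects"
        elif sent:
            note = "FortiGate initiated the session itself"
        else:
            note = "expected to initiate, but no outbound SYN in this capture"
        report.append({"peer": n.peer, "mode": n.mode, "syns_sent": sent, "note": note})
    return report


# Sample inputs copied from the article (constructed as strings here).
CONFIG_INTERFACE = (
    'config router bgp\n set as 65412\n set router-id 1.1.1.1\n config neighbor\n'
    '  edit "172.16.2.2"\n   set interface "port2" <-----------\n'
    '   set remote-as 65412\n  next\n end\nend\n'
)
CONFIG_UPDATE_SOURCE = (
    'config router bgp\n set as 65412\n set router-id 1.1.1.1\n config neighbor\n'
    '  edit "172.16.2.2"\n   set remote-as 65412\n'
    '   set update-source "port2" <-----------\n  next\n end\nend\n'
)
SNIFFER_HEADER = "Using Original Sniffing Mode\ninterfaces=[any]\nfilters=[ port 179 ]\n"
SNIFFER_PASSIVE = SNIFFER_HEADER + "0 packets received by filter\n0 packets dropped by kernel\n"
SNIFFER_ACTIVE = SNIFFER_HEADER + (
    "0.788186 port2 out 172.16.2.1.8879 -> 172.16.2.2.179: syn 2353844132\n"
    "2.868132 port2 out 172.16.2.1.8879 -> 172.16.2.2.179: syn 2353844132\n"
)

if __name__ == "__main__":
    for cfg, cap in ((CONFIG_INTERFACE, SNIFFER_PASSIVE), (CONFIG_UPDATE_SOURCE, SNIFFER_ACTIVE)):
        for row in audit(cfg, cap):
            print(row)
```

Running the script reports the first neighbor as passive with 0 SYNs sent and the second as active with 2 SYNs sent, matching the two captures above. Feeding it a full 'show router bgp' dump lists every neighbor that depends on the remote side to re-establish the session.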