Fortigate – filtering inbound BGP routes from neighbors, including Default

The other night I had need to stop receiving a default route advertised from my BGP peer. I  also thought it would be helpful for anyone that is needing to do this – and to help myself, since I forget often, to write it up.

First thing we need to do is create a Prefix list to either allow or deny the routes we want. In this case I want to filter out the default route that is being propagated to me.

config router prefix-list

prefix.

The things to note, rule 10 – I match that route exact (default). then in rule 100 I allow any other prefix – hence the “le 32”. that means anything that starts from 0.0.0.0/0-32 and since the 0/0 is blocked already in policy 10- everything else is allowed.

The we need to create our Route map to allow these routes on our in bound direction

config router route-map

Route-map

Then lets apply the route-map to our peer.

config router bgp

bgp

After applying the route-map to the inbound direction we need to clear BGP either soft, or full to make our routing changes take effect.

Run this command to check the BGP advertisements for changes, and synchronize after that.

exe router clear bgp all in soft, or clear both directions (softly) with exe router clear bgp all soft

That should do it, and you will see the default route disappear from the routes learned from your peer. You can also do this to filter routes to any destination network.

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: