Fortigate – filtering inbound BGP routes from neighbors, including Default
March 20, 2016
The other night I needed to stop receiving a default route advertised from my BGP peer. I thought it would be helpful for anyone else who needs to do this, and for myself, since I forget often, to write it up.
The first thing we need to do is create a prefix list to either allow or deny the routes we want. In this case I want to filter out the default route that is being propagated to me.
config router prefix-list
The things to note: in rule 10 I match the default route (0.0.0.0/0) exactly and deny it. Then in rule 100 I allow any other prefix, hence the "le 32": that matches anything from 0.0.0.0/0 up to a /32, and since 0/0 is already blocked by rule 10, everything else is allowed. Without rule 100 the prefix list would end in its implicit deny and the peer's other routes would be dropped too.
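To make the rule semantics concrete, here is a small first-match evaluator for prefix-list rules, added as an illustration and not code from the original post or from Fortinet. It models the two rules described above (exact match when neither ge nor le is set, a length range otherwise, implicit deny at the end) and runs them over a constructed set of received prefixes; the route samples and rule names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PrefixRule:
    seq: int
    action: str              # "permit" or "deny"
    prefix: str              # base prefix, e.g. "0.0.0.0/0"
    ge: Optional[int] = None  # minimum prefix length (inclusive)
    le: Optional[int] = None  # maximum prefix length (inclusive)

    def matches(self, route: str) -> bool:
        base = ipaddress.ip_network(self.prefix, strict=False)
        cand = ipaddress.ip_network(route, strict=False)
        # The candidate must lie inside the rule's prefix ...
        if not cand.subnet_of(base):
            return False
        # ... and its length must fall in [ge, le]. With neither set the
        # rule is an exact-length match, which is why rule 10 only hits 0/0.
        lo = self.ge if self.ge is not None else base.prefixlen
        if self.le is not None:
            hi = self.le
        else:
            hi = cand.max_prefixlen if self.ge is not None else base.prefixlen
        return lo <= cand.prefixlen <= hi


def evaluate(rules: List[PrefixRule], route: str) -> str:
    """First matching rule wins; an unmatched route hits the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(route):
            return rule.action
    return "deny"


def filter_received(rules: List[PrefixRule], routes: List[str]) -> Dict[str, str]:
    return {route: evaluate(rules, route) for route in routes}


# Rules as described in the post: deny the default exactly, permit all else.
NO_DEFAULT_IN = [
    PrefixRule(10, "deny", "0.0.0.0/0"),
    PrefixRule(100, "permit", "0.0.0.0/0", le=32),
]
# Constructed sample of prefixes a peer might advertise (not real routes).
RECEIVED = ["0.0.0.0/0", "10.0.0.0/8", "192.0.2.0/24", "198.51.100.1/32"]

if __name__ == "__main__":
    for route, verdict in filter_received(NO_DEFAULT_IN, RECEIVED).items():
        print(f"{route:18} -> {verdict}")
    # Dropping rule 100 shows the implicit deny swallowing every other route.
    print(filter_received(NO_DEFAULT_IN[:1], RECEIVED))
```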
Then we need to create our route map to allow these routes in the inbound direction.
config router route-map
Then let's apply the route-map to our peer.
config router bgp
After applying the route-map in the inbound direction we need to clear BGP, either soft or full, for our routing changes to take effect.
Run this command to re-request the peer's advertisements so the new filter is applied, then check that the routing table has synchronized:
exe router clear bgp all in soft, or clear both directions (softly) with exe router clear bgp all soft
That should do it, and you will see the default route disappear from the routes learned from your peer. You can use the same approach to filter routes to any destination network.