Configure BGP

You can configure BGP neighbors and networks on the CLI.

Configure BGP networks and neighbors

To enter the BGP configuration mode, enter the following options:
1. For Route configuration: 3
2. For Configure unicast routing: 1
3. For Configure BGP: 3
You'll see the following prompt: bgp>
Open BGP configuration: bgp>enable
Open the router configuration for related details: bgp#configure terminal
Enter the BGP router configuration mode:

bgp(config)#router bgp <AS number>

Note

If you haven't already assigned an AS number, the command assigns the number you enter.
(Optional) Manually configure the router ID:

bgp(config-router)# bgp router-id <ip address format>

Enter the ID in the IPv4 address format, for example, 1.1.1.1. It doesn't need to be a valid IP address.

By default, the firewall automatically selects the highest IP address of all the configured interfaces as the router ID.
To configure a network, do as follows:
1. Specify the network's IP version using one of the following commands:
  - bgp(config-router)#address family ipv4 unicast
  - bgp(config-router)#address family ipv6 unicast
  Note
  
  To change the IP version, exit the address family mode (exit), then enter the IP version command you want.
2. Enter an IPv4 or IPv6 network:
  - IPv4: bgp(config-router-af)#network <ipv4 address>/<subnet mask>
  - IPv6: bgp(config-router-af)#network <ipv6 address>/<prefix>
  Example
  
  network 10.10.10.0/24
  
  network 2008:DB9::/32
3. (Optional) Don't advertise IPv4 networks to IPv6 neighbors:
  1. bgp(config-router)#address family ipv4 unicast
  2. bgp(config-router-af)#no neighbor <ipv6 address> activate
  Note
  
  By default, the firewall advertises IPv4 networks to all neighbors. Enter the command to make sure these aren't advertised to IPv6 neighbors when you configure an IPv6 neighbor on the CLI.
  
  For web admin console configurations, the firewall automatically adds this command to IPv4 networks.
4. Advertise IPv6 networks to IPv6 neighbors:
  1. bgp(config-router-af)#exit (If you're in IPv4 mode.)
  2. bgp(config-router)#address family ipv6 unicast
  3. bgp(config-router-af)#neighbor <ipv6 address> activate
  Note
  
  By default, the firewall doesn't advertise IPv6 networks to any neighbors. Enter the command to advertise these to IPv6 neighbors when you configure an IPv6 neighbor on the CLI.
  
  For web admin console configurations, the firewall automatically adds this command to IPv6 networks.
5. Exit the address family mode: exit
To configure a neighbor, enter the neighbor's IPv4 or IPv6 address and AS number:

bgp(config-router)#neighbor <ip address> remote-as <neighbor's AS number>
Check the configuration: bgp(config-router)#show running-config

If you've used automatic router ID assignment on the web admin console, the ID isn't shown with this command.
Save the configuration: bgp(config-router)#write
Exit router configuration mode: bgp(config-router)#end
Exit BGP configuration mode: bgp#exit

Default settings

When you configure BGP from the web admin console, the firewall automatically applies these default settings.

Important

Make sure you enter these commands when you configure BGP on the CLI.

Commands	Description
`bgp(config-router)#` `no bgp ebgp-requires-policy`	Currently, the firewall doesn't support policy-based route exchange.
`bgp(config-router)#` `bgp log-neighbor-changes`	The firewall logs changes in neighbors' session statuses, such as a router reset, becoming unavailable or available.
`no neighbor <ipv6 address> activate`	Stops advertising IPv4 networks to IPv6 neighbors.
`neighbor <ipv6 address> activate`	Advertises IPv6 networks to IPv6 neighbors.