Configure IPv4 and IPv6 Routing with BGP

To participate in BGP with an ISP, you must have a public autonomous system (AS) number. For internal BGP between private networks, you must use a private AS number. For more information, see About Border Gateway Protocol (BGP). You can configure BGP to do dynamic routing for both IPv4 and IPv6 networks.

If you enable BGP for a FireCluster, you must set the router-id in the BGP configuration to the IP address of the Firebox interface that connects to the router. This is to make sure that the routing protocol does not try to use the FireCluster management IP address as the router-id. Do not use the FireCluster management IP address or cluster IP address as the router-id. To set the router-id, use the command bgp router-id <ip-address> in your BGP configuration, where ip-address is the IP address of the Firebox interface that connects to the router.
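The AS number and router-id rules above can be checked before a configuration is deployed. The following Python check is an added example, not WatchGuard code. It assumes the configuration sets the local AS with a `router bgp <AS>` line and takes the private AS ranges from RFC 6996; the function names, the `peer_is_isp` parameter, the sample configuration and all IP addresses are constructed for illustration.

```python
import ipaddress
import re

# Private-use AS number ranges from RFC 6996 (16-bit and 32-bit).
PRIVATE_AS_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_AS_RANGES)

# cluster_ips: FireCluster management and cluster IPs (never valid as router-id).
# peer_is_isp: True for BGP with an ISP, False for internal BGP (hypothetical flag).
def check_bgp_config(text, cluster_ips, peer_is_isp):
    reserved = {ipaddress.ip_address(ip) for ip in cluster_ips}
    asn = router_id = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            asn = int(m.group(1))
        elif m := re.fullmatch(r"bgp router-id (\S+)", line):
            router_id = m.group(1)
    findings = []
    if asn is None:
        findings.append("no 'router bgp <AS>' statement found")
    elif peer_is_isp and is_private_asn(asn):
        findings.append(f"AS {asn} is private; BGP with an ISP needs a public AS number")
    elif not peer_is_isp and not is_private_asn(asn):
        findings.append(f"AS {asn} is not private; internal BGP needs a private AS number")
    if router_id is None:
        findings.append("no 'bgp router-id' set; required when BGP runs on a FireCluster")
    else:
        try:
            if ipaddress.IPv4Address(router_id) in reserved:
                findings.append(f"router-id {router_id} is a FireCluster management or cluster IP")
        except ValueError:
            findings.append(f"router-id {router_id!r} is not a valid IPv4 address")
    return findings

# Constructed sample: router-id wrongly set to the cluster management IP.
SAMPLE_BAD = """\
! constructed example configuration
router bgp 65010
 bgp router-id 10.0.50.1
 neighbor 10.0.1.2 remote-as 65020
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("10.0.50.1", "10.0.1.1")  # interface facing the router
CLUSTER_IPS = ["10.0.50.1", "10.0.50.2"]  # constructed management / cluster addresses

if __name__ == "__main__":
    print(check_bgp_config(SAMPLE_BAD, CLUSTER_IPS, peer_is_isp=False))
```

An empty list means the configuration passed these checks; it does not validate neighbor statements or any other part of the configuration.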

If your Firebox has multi-WAN enabled, you can configure a loopback interface, and use the IP address of the loopback interface instead of the IP address of the physical interfaces in the dynamic routing configuration. For more information, see Configure a Loopback Interface.

When you enable BGP, the Firebox automatically creates a dynamic routing policy called DR-BGP-Allow. By default, the DR-BGP-Allow policy allows traffic from the alias Any to the Firebox. As a best practice, we recommend that you edit this policy to add authentication and restrict the policy to listen on only the correct interfaces.

After you configure the Firebox and the BGP router, you can look at the routes table to verify that the Firebox has received route updates from the BGP router.

To see the dynamic routes, from Firebox System Manager select the Status Report tab.

To see the dynamic routes, from Fireware Web UI select System Status > Routes.

See Also

About Border Gateway Protocol (BGP)

BGP Commands

Sample BGP Routing Configuration File