BGP configuration

The option to configure BGP is only available when Sophos XG Firewall is deployed in Gateway mode.

Border Gateway Protocol (BGP) is a path vector protocol that is used to carry routing information between routers that are in different administrative domains (Autonomous Systems). Example: BGP is typically used by ISPs to exchange routing information between different ISP networks.

The Sophos XG Firewall implementation of BGP supports:

  • Version 4 (RFC 1771)
  • Communities Attribute (RFC 1997)
  • Route Reflection (RFC 2796)
  • Multiprotocol extensions (RFC 2858)
  • Capabilities Advertisement (RFC 2842)

Additionally, a firewall rule needs to be configured for the zone for which the BGP traffic is to be allowed. Example: LAN to LOCAL or WAN to LOCAL.

How BGP works

When BGP is enabled, the Sophos XG Firewall advertises routing table updates to neighboring autonomous systems whenever any part of the Sophos XG Firewall routing table changes. Each AS, including the local AS of which the Sophos XG Firewall device is a member, is associated with an AS number. The AS number references a specific destination network.

BGP updates advertise the best path to a destination network. When the XG Firewall unit receives a BGP update, the XG Firewall examines potential routes to determine the best path to a destination network and records the path in the XG Firewall routing table.

Removing routes

To remove route configuration, execute the no network command from the command prompt as shown below:

bgp(config-router)#no network ipaddress

Turning off BGP

To turn off BGP routing configuration, execute the no router command from the command prompt as shown below:

bgp(config)#no router bgpAS number

BGP configuration task list

BGP must be turned on before carrying out any of the BGP commands.

To configure BGP please see BGP configuration steps