The option to configure BGP is only available when Sophos Firewall is deployed in Gateway mode.
Border Gateway Protocol (BGP) is a path vector protocol that is used to carry routing information between routers that are in different administrative domains (Autonomous Systems).
BGP is typically used by ISPs to exchange routing information between different ISP networks.
The Sophos Firewall implementation of BGP supports:
- Version 4 (RFC 1771)
- Communities Attribute (RFC 1997)
- Route Reflection (RFC 2796)
- Multiprotocol extensions (RFC 2858)
- Capabilities Advertisement (RFC 2842)
Additionally, a firewall rule needs to be configured for the zone for which the BGP traffic is to be allowed. Example: LAN to LOCAL or WAN to LOCAL.
How BGP works
When BGP is enabled, the Sophos Firewall advertises routing table updates to neighboring autonomous systems whenever any part of the Sophos Firewall routing table changes. Each AS, including the local AS of which the Sophos Firewall device is a member, is associated with an AS number. The AS number references a specific destination network.
BGP updates advertise the best path to a destination network. When the Sophos Firewall unit receives a BGP update, the Sophos Firewall examines potential routes to determine the best path to a destination network and records the path in the Sophos Firewall routing table.
To remove route configuration, execute the no network command from the command prompt as shown below:
bgp(config-router)#no network ipaddress
Turning off BGP
To turn off BGP routing configuration, execute the no router command from the command prompt as shown below:
bgp(config)#no router bgpAS number
BGP configuration task list
BGP must be turned on before carrying out any of the BGP commands.
To configure BGP please see BGP configuration steps