BGP configuration
You can only configure BGP when you deploy Sophos Firewall in gateway mode.
Border Gateway Protocol (BGP) is a path vector protocol used to carry routing information between routers in different administrative domains (Autonomous Systems). For example, ISPs typically use BGP to exchange routing information between different ISP networks.
The Sophos Firewall implementation of BGP supports:
- Version 4 (RFC 1771)
- Communities attribute (RFC 1997)
- Route reflection (RFC 2796)
- Multiprotocol extensions (RFC 2858)
- Capabilities advertisement (RFC 2842)
How BGP works
When BGP is enabled, the Sophos Firewall advertises routing table updates to neighboring autonomous systems whenever any part of the Sophos Firewall routing table changes. Each AS, including the local AS of which the Sophos Firewall device is a member, is associated with an AS number. The AS number references a specific destination network.
BGP updates advertise the best path to a destination network. When the Sophos Firewall receives a BGP update, it examines potential routes to determine the best path to a destination network. It records the path in the firewall's routing table.
Removing routes
To remove route configuration, run the no network command from the command prompt as shown below:
bgp(config-router)#no network [ipaddress]
Turning off BGP
To turn off BGP routing, run the no router command from the command prompt as shown below:
bgp(config)#no router [bgpAS number]
BGP configuration task list
BGP must be turned on before carrying out any of the BGP commands.
To configure BGP, see BGP configuration steps.