Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=e45_52j_cjb

BGP configuration steps

BGP configuration steps in Sophos Firewall

To configure BGP, do as follows:

  1. Select Option 3 (Route Configuration) > Option 1 (Configure Unicast Routing) > Option 3 (Configure BGP)

    You see the following prompt:

    bgp>

  2. Type enable

    This turns the BGP routing process on and switches to global configuration mode.

  3. Specify a list of networks for the BGP routing process.

    Option Description
    bgp#configure terminal Enables the BGP configuration mode, which switches to Router Configuration mode and allows you to configure from the terminal.
    bgp(config)#router bgp AS number Allows you to configure and start the BGP routing process. The Autonomous System (AS) number is the number of the local AS that your Sophos Firewall is a member of.
    bgp(config-router)#network ip-address

    Specify the ip-address with the subnet information of the network to be advertised.

    IP Addresses and network masks or prefixes of networks to advertise to BGP peers. Sophos Firewall may have a physical or VLAN interface connected to those networks.
    bgp(config - router)#show running - config Shows the configuration. By default, the router ID is the IP address of the Sophos Firewall. The router ID is used to identify the Sophos Firewall to other BGP routers. The router ID can be an integer or take a form similar to an IP address, for example, A.B.C.D.
    bgp(config-router)#end Exits from the router configuration mode and places you into the enable mode.
    bgp#exit Exits to the router management menu.

Note

The default value for maximum-paths ibgp is 1, which means no multi-paths are allowed. The firewall only shows the maximum-paths ibgp value in the running configuration if it isn't set to the default.

Note

You must run the write command to save route configurations made through the CLI so they reflect on the web admin console and persist on a firewall or daemon restart.