BGP
You can configure IPv4 and IPv6 BGP routes.
Border Gateway Protocol (BGP) is a path vector protocol that contains path information. It enables the routers to share routing information between autonomous systems (AS) so that loop-free routes can be created. ISPs generally use this protocol.
An AS is a connected group of networks or routers under the control of a single administrative entity. They share common routing policies. A unique AS number is assigned to each AS to identify them uniquely. The AS number enables information exchange between neighboring autonomous systems. You must use private AS numbers if you don't require a unique AS number. BGP private AS numbers range from 64512 to 65535.
Sophos Firewall supports internal and external border gateway protocols (iBGP and eBGP).
BGP selects a single path from the multiple advertisements received from multiple sources for the same route. When the path is selected, BGP puts it in the IP routing table and passes it to its neighbor.
Global configuration
Router ID assignment
Specify whether you want the router ID assignment to be Automatic or Manual.
If you select Automatic, the firewall automatically selects the highest IP address of all the configured interfaces as the router ID. This may reset the BGP sessions.
If you select Manual, you must specify a Router ID.
Router ID
Specify a router ID for BGP.
Example
12.34.5.66
Local AS
Enter the local autonomous system (AS) number.
Acceptable range: 1 to 4294967295
Neighbors
Neighbors are the routers between which a TCP connection is established. You can add, update, or delete IPv4 and IPv6 neighbors.
Networks
You can see the available BGP networks with the corresponding netmasks and prefixes. You can add, update, or delete IPv4 and IPv6 networks.
Allow access
You must configure the following:
- Allow dynamic routing: By default, dynamic routing is turned off. To turn it on, go to Administration > Device access and select the neighbors' zones for which you want to allow dynamic routing.
- Allow traffic: You must configure firewall rules to allow outbound and inbound traffic.
More resources