BGP
Border Gateway Protocol (BGP) is a path vector protocol that contains path information. It enables the routers to share routing information between autonomous systems (AS) so that loop-free routes can be created. ISPs generally use this protocol.
An AS is a connected group of networks or routers under the control of a single administrative entity. They share common routing policies. A unique AS number is assigned to each AS to identify them uniquely. The AS number enables information exchange between neighboring autonomous systems. You must use private AS numbers if you don't require a unique AS number. BGP private AS numbers range from 64512 to 65535.
BGP selects a single path from the multiple advertisements received from multiple sources for the same route. When the path is selected, BGP puts it in the IP routing table and passes it to its neighbor.
You can configure IPv4 and IPv6 BGP routes.
Sophos Firewall supports internal and external border gateway protocols (iBGP and eBGP).
Global configuration
Specify the following global settings:
-
Under Router ID assignment, click one of the following options:
- Automatic: The firewall automatically selects the highest IP address of all the configured interfaces as the router ID. This may reset the BGP sessions.
- Manual: You must specify a Router ID.
-
Enter a Router ID, for example,
12.34.5.66
. -
Under Local AS, enter the local autonomous system (AS) number.
Acceptable values: 1 to 4294967295
-
Click Apply.
Note
When you apply the Global configuration settings on the web admin console, the firewall removes your changes to the following default settings:
bgp log-neighbor-changes
andno bgp ebgp-requires-policy
.
Neighbors
Neighbors are the routers between which a TCP connection is established. You can add, edit, or delete IPv4 and IPv6 neighbors.
Networks
You can see the available BGP networks with the corresponding netmasks and prefixes. You can add, update, or delete IPv4 and IPv6 networks.
Allow access
You must configure the following:
- Allow dynamic routing: By default, dynamic routing is turned off. To turn it on, go to Administration > Device access and select the neighbors' zones for which you want to allow dynamic routing.
- Allow traffic: You must configure firewall rules to allow outbound and inbound traffic.
More resources