
BGP configuration

You can only configure BGP when you deploy Sophos Firewall in gateway mode.

Border Gateway Protocol (BGP) is a path vector protocol used to carry routing information between routers in different administrative domains (Autonomous Systems). For example, ISPs typically use BGP to exchange routing information between different ISP networks.

How BGP works

When BGP is enabled, the Sophos Firewall advertises routing table updates to neighboring autonomous systems whenever any part of the Sophos Firewall routing table changes. Each AS, including the local AS of which the Sophos Firewall device is a member, is associated with an AS number. The AS number references a specific destination network.

BGP updates advertise the best path to a destination network. When the Sophos Firewall receives a BGP update, it examines potential routes to determine the best path to a destination network. It records the path in the firewall's routing table.

BGP configuration task list

You must turn on BGP before carrying out any of the BGP commands.

To configure BGP, see BGP configuration steps.

Removing routes

To delete a route configuration, you must delete the network. Do as follows:

  1. Enter the address family:

    • IPv4: bgp(config-router)#address-family ipv4 unicast
    • IPv6: bgp(config-router)#address-family ipv6 unicast
  2. Remove the network: bgp(config-router-af)#no network <ip-address>

Turning off BGP

To turn off BGP routing configuration, run the no router command from the command prompt, replacing <as-number> with the Sophos Firewall Local AS number as follows:

bgp(config)#no router <as-number>

Tip

You can find the Local AS number under Routing > BGP > Global configuration.