On the Border Gateway Protocol > Neighbor page, you can create one or more BGP neighbor routers. A neighbor router (or peer router) builds the connection between multiple autonomous systems (AS) or within a single AS. During the first communication, two neighbors exchange their BGP routing tables. After that they send each other updates about changes in the routing table. Keepalive packets are sent to ensure that the connection is up. In case of errors, notifications packets are sent.
Policy routing in BGP differentiates between inbound and outbound policies. This is why defined route maps and filter lists can be applied separately for inbound or outbound traffic.
You need to create at least one neighbor router to be able to enable BGP on the Global page.
To create a new BGP neighbor, do the following:
On the Neighbor page, click New BGP Neighbor.
The Add BGP neighbor dialog box opens.
Make the following settings:
Name: Enter the name of the BGP neighbor router.
Host: Add or select the host definition of the neighbor. The defined IP address must be reachable from Sophos UTM on AWS. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Remote ASN: Enter the Autonomous System Number (ASN) of the neighbor.
Authentication: If the neighbor requires authentication, select TCP MD5 Signature from the drop-down list and enter the password which must correspond to the password the neighbor has set.
Make the following advanced settings, if required:
Route in/out: If you have defined a route map, you can select it here. With In or Out you define whether to apply the route map to ingoing or outgoing announcements.
Filter in/out: If you have defined a filter list, you can select it here. With In or Out you define whether to apply the filter to ingoing or outgoing announcements.
Next-Hop-Self: In an iBGP network, when a router announces an external eBGP network internally, iBGP routers with no direct external connection will not know how to route packets to that network. Selecting this option, the eBGP router announces itself as next hop to reach the external network.
Multihop: In some cases, a Cisco router can run eBGP with a third-party router that does not allow direct connection of the two external peers. To achieve the connection, you can use eBGP multihop. The eBGP multihop allows a neighbor connection between two external peers that do not have direct connection. The multihop is only for eBGP and not for iBGP.
Soft-Reconfiguration: Enabled by default. This option enables storing updates sent by the neighbor.
Default Originate: Sends the default route 0.0.0.0 to the neighbor. The neighbor uses this route only if he needs to reach a network that is not in his routing table.
Weight: Cisco-specific option. Sets a generic weight for all routes learned from this neighbor. You can enter a value between 0 and 65535. The route with the highest weight is preferred to reach a particular network. The weight given here overrides route map weight.
The neighbor appears on the Neighbor list.