Excluding a Network from BGP on FortiGate

Assume you are redistributing your FortiGate networks into BGP and you want to exclude one or more of them from distribution.

Here is an example config.

PS: replace "XXX" and the other placeholder names with your own config values.

config router prefix-list
    edit "youraclname"
        config rule
            edit 1
                set prefix IPaddress SubnetMask
                unset ge
                unset le
            next
        end
    next
end

config router route-map
    edit "rmap-bgp"
        config rule
            edit 1
                set action deny
                set match-ip-address "youraclname"
            next
            edit 2
            next
        end
    next
end

config router bgp
    set as XXXX
    set log-neighbour-changes enable
    config neighbor
        edit "neighbourIP"
            set remote-as XXXX
            set route-map-out "rmap-bgp"
            set send-community6 disable
        next
    end
    config redistribute "connected"
        set status enable
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
    set router-id XXX.XXX.XXX.XXX
end
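
The filtering logic of the config above, modelled in Python as an added example (not Fortinet code and not part of the original post), to check which routes the outbound route-map lets through. It assumes standard prefix-list semantics, where a rule with ge and le unset matches only the exact prefix and length, and that the empty route-map rule 2 permits everything else; the networks and the "le 32" variant are constructed for illustration and go beyond the single case in the post.

```python
import ipaddress

def prefix_rule_matches(route, prefix, ge=None, le=None):
    """Prefix-list rule match: with ge/le unset, only the exact prefix matches."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if route.version != prefix.version or not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        return route.prefixlen == prefix.prefixlen
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def route_map_out(route, excluded):
    """Model of rmap-bgp: rule 1 denies the prefix-list, empty rule 2 permits the rest."""
    for prefix, ge, le in excluded:
        if prefix_rule_matches(route, prefix, ge, le):
            return "deny"    # rule 1: set action deny
    return "permit"          # rule 2: no match clause, default action permit

def advertised(routes, excluded):
    """Routes that would still be sent to the neighbor after route-map-out."""
    return [r for r in routes if route_map_out(r, excluded) == "permit"]

# Constructed sample routes (not from the original post).
ROUTES = ["10.10.10.0/24", "10.10.10.128/25", "10.10.20.0/24", "192.168.50.0/24"]
EXACT = [("10.10.10.0/24", None, None)]   # as in the post: unset ge / unset le
WITH_LE = [("10.10.10.0/24", None, 32)]   # variant: also covers longer subnets

if __name__ == "__main__":
    print("ge/le unset:", advertised(ROUTES, EXACT))
    print("le 32:      ", advertised(ROUTES, WITH_LE))
```

With ge and le unset, a more specific subnet of the excluded network is still advertised, so confirm the result on the device by reviewing the routes actually advertised to the neighbor.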
