Configure BGP
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 9.1 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Configure Banners, Message of the Day, and Logos
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
-
- Apply Tags to an Application Filter
- Create Custom Application Tags
- Workflow to Best Incorporate New and Modified App-IDs
- See the New and Modified App-IDs in a Content Release
- See How New and Modified App-IDs Impact Your Security Policy
- Ensure Critical New App-IDs are Allowed
- Monitor New App-IDs
- Disable and Enable App-IDs
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions
- Set Up Antivirus, Anti-Spyware, and Vulnerability Protection
- Set Up File Blocking
- Prevent Brute Force Attacks
- Customize the Action and Trigger Conditions for a Brute Force Signature
- Enable Evasion Signatures
- Monitor Blocked IP Addresses
- Threat Signature Categories
- Create Threat Exceptions
- Custom Signatures
- Threat Prevention Resources
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Decryption Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- High Availability Support for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
-
- How Decryption Broker Works
- Layer 3 Security Chain Guidelines
- Configure Decryption Broker with One or More Layer 3 Security Chain
- Transparent Bridge Security Chain Guidelines
- Configure Decryption Broker with a Single Transparent Bridge Security Chain
- Configure Decryption Broker with Multiple Transparent Bridge Security Chains
- Activate Free Licenses for Decryption Features
-
- About Palo Alto Networks URL Filtering Solution
- How Advanced URL Filtering Works
- URL Filtering Use Cases
- Plan Your URL Filtering Deployment
- URL Filtering Best Practices
- Activate The Advanced URL Filtering Subscription
- Configure URL Filtering
- Test URL Filtering Configuration
- Log Only the Page a User Visits
- Create a Custom URL Category
- URL Category Exceptions
- Use an External Dynamic List in a URL Filtering Profile
- Allow Password Access to Certain Sites
- URL Filtering Response Pages
- Customize the URL Filtering Response Pages
- HTTP Header Logging
- Request to Change the Category for a URL
-
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure an Aggregate Interface Group
- Use Interface Management Profiles to Restrict Access
- Virtual Routers
- Service Routes
- RIP
- Route Redistribution
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
- Dynamic DNS Overview
- Configure Dynamic DNS for Firewall Interfaces
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
End-of-Life (EoL)
Configure BGP
Configure BGP for a virtual router.
Perform the following task to configure BGP.
- Configure general virtual router configuration
settings.See Virtual Routers for details.
- Enable BGP for the virtual router, assign a router ID,
and assign the virtual router to an AS.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGP.
- Enable BGP for this virtual router.
- Assign a Router ID to BGP for the virtual router, which is typically an IPv4 address to ensure the Router ID is unique.
- Assign the AS Number—the number of the AS to which the virtual router belongs based on the router ID (range is 1 to 4,294,967,295).
- Click OK.
- Configure general BGP configuration settings.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPGeneral.
- Select Reject Default Route to ignore any default routes that are advertised by BGP peers.
- Select Install Route to install BGP routes in the global routing table.
- Select Aggregate MED to enable route aggregation even when routes have different Multi-Exit Discriminator (MED) values.
- Specify the Default Local Preference that can be used to determine preferences among different paths.
- Select the AS Format for interoperability
purposes:
- 2 Byte (default)
- 4 Byte
Runtime stats display BGP 4-byte AS numbers using asplain notation according to RFC 5396. - Enable or disable each of the following settings for Path
Selection:
- Always Compare MED—Enable this comparison to choose paths from neighbors in different autonomous systems.
- Deterministic MED Comparison—Enable this comparison to choose between routes that are advertised by IBGP peers (BGP peers in the same autonomous system).
- For Auth Profiles, Add an
authentication profile:
- Profile Name—Enter a name to identify the profile.
- Secret/Confirm Secret—Enter and confirm a passphrase for BGP peer communications. The Secret is used as a key in MD5 authentication.
- Click OK twice.
- (Optional) Configure BGP settings.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPAdvanced.
- Select ECMP Multiple AS Support if you configured ECMP and you want to run ECMP over multiple BGP autonomous systems.
- Enforce First AS for EBGP (enabled by default) to cause the firewall to drop an incoming Update packet from an eBGP peer that does not list the eBGP peer’s own AS number as the first AS number in the AS_PATH attribute.
- Select Graceful Restart and
configure the following timers:
- Stale Route Time (sec)—Specifies the length of time, in seconds, that a route can stay in the stale state (range is 1 to 3,600; default is 120).
- Local Restart Time (sec)—Specifies the length of time, in seconds, that the local device waits to restart. This value is advertised to peers (range is 1 to 3,600; default is 120).
- Max Peer Restart Time (sec)—Specifies the maximum length of time, in seconds, that the local device accepts as a grace period restart time for peer devices (range is 1 to 3,600; default is 120).
- For Reflector Cluster ID, specify an IPv4 identifier to represent the reflector cluster.
- For Confederation Member AS, specify the autonomous system number identifier (also called a sub-AS number), which is visible only within the BGP confederation. For more information, see BGP Confederations.
- Add the following information
for each Dampening Profile that you want to configure, select Enable,
and click OK:
- Profile Name—Enter a name to identify the profile.
- Cutoff—Specify a route withdrawal threshold above which a route advertisement is suppressed (range is 0.0 to 1,000.0; default is 1.25).
- Reuse—Specify a route withdrawal threshold below which a suppressed route is used again (range is 0.0 to 1,000.0; default is 5).
- Max Hold Time (sec)—Specify the maximum length of time, in seconds, that a route can be suppressed, regardless of how unstable it has been (range is 0 to 3,600; default is 900).
- Decay Half Life Reachable (sec)—Specify the length of time, in seconds, after which a route’s stability metric is halved if the route is considered reachable (range is 0 to 3,600; default is 300).
- Decay Half Life Unreachable (sec)—Specify the length of time, in seconds, after which a route’s stability metric is halved if the route is considered unreachable (range is 0 to 3,600; default is 300).
- Click OK twice.
- Configure a BGP peer group.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPPeer Group, Add a Name for the peer group, and Enable it.
- Select Aggregated Confed AS Path to include a path to the configured aggregated confederation AS.
- Select Soft Reset with Stored Info to perform a soft reset of the firewall after updating the peer settings.
- Select the Type of peer group:
- IBGP—Export Next Hop: Select Original or Use self.
- EBGP Confed—Export Next Hop: Select Original or Use self.
- EBGP Confed—Export Next Hop: Select Original or Use self.
- EBGP—Import Next Hop: Select Original or Use self; and Export Next Hop: Specify Resolve or Use self. Select Remove Private AS if you want to force BGP to remove private AS numbers from the AS_PATH attribute in Updates that the firewall sends to a peer in another AS.
- Click OK.
- Configure a BGP peer that belongs to the peer group and
specify its addressing.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPPeer Group and select the peer group you created.
- For Peer, Add a peer by Name.
- Enable the peer.
- Enter the Peer AS to which the peer belongs.
- Select Addressing.
- For Local Address, select the Interface for which you are configuring BGP. If the interface has more than one IP address, enter the IP address for that interface to be the BGP peer.
- For Peer Address, select either IP and
enter the IP address or select or create an address object, or select FQDN and
enter the FQDN or address object that is type FQDN.The firewall uses only one IP address (from each IPv4 or IPv6 family type) from the DNS resolution of the FQDN. If the DNS resolution returns more than one address, the firewall uses the preferred IP address that matches the IP family type (IPv4 or IPv6) configured for the BGP peer. The preferred IP address is the first address the DNS server returns in its initial response. The firewall retains this address as preferred as long as the address appears in subsequent responses regardless of its order.
- Click OK.
- Configure connection settings for the BGP peer.
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPPeer Group and select the peer group you created.
- Select the Peer you configured.
- Select Connection Options.
- Select an Auth Profile for the peer.
- Set a Keep Alive Interval (sec)—The interval, in seconds, after which routes from the peer are suppressed according to the Hold Time setting (range is 0 to 1,200; default is 30).
- Set Multi Hop—The time-to-live (TTL) value in the IP header (range is 0 to 255; default is 0). The default value of 0 means 1 for eBGP. The default value of 0 means 255 for iBGP.
- Set Open Delay Time (sec)—The delay, in seconds, between a TCP handshake and the firewall sending the first BGP Open message to establish a BGP connection (range is 0 to 240; default is 0).
- Set Hold Time (sec)—The length of time, in seconds, that may elapse between successive Keepalive or Update messages from the peer before the peer connection is closed (range is 3 to 3,600; default is 90).
- Set Idle Hold Time (sec)—The length of time to wait, in seconds, before retrying to connect to the peer (range is 1 to 3,600; default is 15).
- Set Min Route Advertisement Interval (sec)—The minimum amount of time, in seconds, between two successive Update messages that a BGP speaker (the firewall) sends to a BGP peer that advertise routes or withdrawal of routes (range is 1 to 600; default is 30).
- For Incoming Connections, enter a Remote Port and select Allow to allow incoming traffic to this port.
- For Outgoing Connections, enter a Local Port and select Allow to allow outgoing traffic from this port.
- Click OK.
- Configure the BGP peer with settings for route reflector
client, peering type, maximum prefixes, and Bidirectional Forwarding
Detection (BFD).
- Select NetworkVirtual Routers and select a virtual router.
- Select BGPPeer Group and select the peer group you created.
- Select the Peer you configured.
- Select Advanced.
- For Reflector Client, select
one of the following:
- non-client (default)—Peer is not a route reflector client.
- client—Peer is a route reflector client.
- meshed-client
- For Peering Type, select one
of the following:
- Bilateral—The two BGP peers establish a peer connection.
- Unspecified (default).
- For Max Prefixes, enter the maximum number of supported IP prefixes (range is 1 to 100,000) or select unlimited.
- To enable BFD for the peer
(and thereby override the BFD setting for BGP, as long as BFD is
not disabled for BGP at the virtual router level), select one of
the following:
- default—Peer uses only default BFD settings.
- Inherit-vr-global-setting (default)—Peer inherits the BFD profile that you selected globally for BGP for the virtual router.
- A BFD profile you configured—See Create a BFD Profile.Select Disable BFD to disable BFD for the BGP peer.
- Click OK.
- Configure Import and Export rules.The import and export rules are used to import and export routes from and to other routers (for example, importing the default route from your Internet Service Provider).
- Select Import, Add a name in the Rules field, and Enable the import rule.
- Add the Peer Group from which the routes will be imported.
- Select Match and define the options used to filter routing information. You can also define the Multi-Exit Discriminator (MED) value and a next hop value to routers or subnets for route filtering. The MED option is an external metric that lets neighbors know about the preferred path into an AS. A lower value is preferred over a higher value.
- Select Action and define the action that should occur (allow or deny) based on the filtering options defined in the Match tab. If you select Deny, you don’t need to define any additional options. If you select Allow, then define the other attributes.
- Select Export and define export attributes, which are similar to the Import settings but are used to control route information that is exported from the firewall to neighbors.
- Click OK.
- Configure conditional advertising, which allows you to
control what route to advertise in the event that a different route
is not available in the local BGP routing table (LocRIB), indicating
a peering or reachability failure.This is useful in cases where you want to try to force routes to one AS over another, such as when you have links to the internet through multiple ISPs and you want traffic to be routed to one provider instead of the other except when there is a loss of connectivity to the preferred provider.
- Select Conditional Adv and Add a Policy name.
- Enable the conditional advertisement.
- In the Used By section, Add the peer groups that will use the conditional advertisement policy.
- Select Non Exist Filter and define the network prefixes of the preferred route. This specifies the route that you want to advertise when it is available in the local BGP routing table. If a prefix is going to be advertised and matches a Non Exist filter, the advertisement will be suppressed.
- Select Advertise Filters and define the prefixes of the route in the Local-RIB routing table that should be advertised in the event that the route in the non-exist filter is unavailable in the local routing table. If a prefix is going to be advertised and does not match a Non Exist filter, the advertisement will occur.
- Click OK.
- Configure aggregate options to summarize routes in the
BGP configuration.BGP route aggregation is used to control how BGP aggregates addresses. Each entry in the table results in the creation of one aggregate address. This will result in an aggregate entry in the routing table when at least one specific route matching the address specified is learned.
- Select Aggregate and Add a name for the aggregate address.
- Enter the network Prefix that will be the primary prefix for the aggregated prefixes.
- Select Suppress Filters and define the attributes that will cause the matched routes to be suppressed.
- Select Advertise Filters and define the attributes that will cause the matched routes to always be advertised to peers.
- Click OK.
- Configure redistribution rules.This rule is used to redistribute host routes and unknown routes that are not on the local RIB to the peer routers.
- Select Redist Rules and Add a new redistribution rule.
- Enter the Name of an IP subnet or select a redistribution profile. You can also configure a new redistribution profile if needed.
- Enable the rule.
- Enter the route Metric that will be used for the rule.
- In the Set Origin list, select incomplete, igp, or egp.
- (Optional) Set MED, local preference, AS path limit, and community values.
- Click OK.
- Commit your changes.