Network > Routing > Routing Profiles > BGP
Create BGP routing profiles to efficiently configure
BGP for the logical router.
For a logical router, use BGP profiles
to efficiently apply configuration to BGP peer groups, peers, or
redistribution rules. For example, you can apply a Timer Profile
or Authentication Profile to a BGP peer group or a peer. You can
apply an Address Family (AFI) profile for IPv4 and for IPv6 to a
peer group. You can apply a Redistribution profile for IPv4 and
for IPv6 to BGP redistribution.
BGP Routing Profiles | Description |
---|---|
BGP Auth Profile | |
Name | Enter a name for the Authentication profile (maximum of 31 characters). |
Secret | Enter the Secret and Confirm Secret. The Secret is used as a key in MD5 authentication. |
BGP Timers Profile | |
Name | Enter a name for the Timers profile (maximum of 31 characters). |
Keep Alive Interval (sec) | Enter the interval, in seconds, after which routes from the peer are suppressed according to the Hold Time setting (range is 0 to 1,200; default is 30). |
Hold Time (sec) | Enter the length of time, in seconds, that may elapse between successive Keepalive or Update messages from the peer before the peer connection is closed (range is 3 to 3,600; default is 90). |
Minimum Route Advertise Interval (sec) | Enter the minimum amount of time, in seconds, that must occur between two successive Update messages (that a BGP speaker [the firewall] sends to a BGP peer) that advertise routes or withdrawal of routes (range is 1 to 600; default is 30). |
BGP Address Family Profile | |
Name | Enter a name for the Address Family Identifier (AFI) profile (maximum of 31 characters). |
IPv4 or IPv6 | Select the type of AFI profile (IPv4 or IPv6). |
Advertise all paths to a peer | Advertise all routes in the BGP routing information base (RIB). |
Advertise the best path per neighboring AS | Enable to ensure that BGP advertises the best path for each neighboring AS, and not a generic path for all autonomous systems. Disable this if you want to advertise the same path to all autonomous systems. |
Allow AS in | Specify whether to allow routes that include the firewall’s own autonomous system (AS) number: |
Override ASNs in outbound updates if AS-Path equals Remote-AS | You might use the BGP AS override feature if you have multiple sites belonging to the same AS (AS 64512, for example) and there is another AS between them. A router between the two sites receives an Update advertising a route that can access AS 64512. To avoid the second site dropping the Update because it is also in AS 64512, the intermediate router replaces AS 64512 with its own ASN, AS 64522, for example. |
Originate Default Route | Select to advertise a default route. Disable if you want to advertise only routes that go to specific destinations. |
Num_prefixes | Enter the maximum number of prefixes to accept from peer. |
Threshold (%) | Enter the threshold percentage of the maximum number of prefixes. If the peer advertises more than the threshold, the firewall takes the specified Action (warning or restart). Range is 1 to 100%. |
Action | Specify the action the firewall takes on the BGP connection after the maximum number of prefixes is exceeded: Warning Only message in logs or Restart the BGP peer connection. |
Next Hop | Select the next hop: |
Remove Private AS | To have BGP remove private AS numbers from the AS_PATH attribute in Updates that the firewall sends to a peer in another AS, select one of the following: |
Route Reflector Client | Enable the firewall as a BGP Route Reflector Client. |
Send Community | Select the type of BGP community attribute to send in outbound Update messages: |
BGP Redistribution Profile | |
Name | Enter a name for the Redistribution profile (maximum of 31 characters). |
IPv4 or IPv6 | Select IPv4 or IPv6 Address Family Identifier (AFI) to specify which type of route is redistributed. |
Static | Select Static and Enable to redistribute IPv4 or IPv6 static routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers. |
Metric | Enter the metric to apply to the static routes being redistributed into BGP (range is 1 to 65,535). |
Connected | Select Connected and Enable to redistribute IPv4 or IPv6 connected routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers. |
Metric | Enter the metric to apply to the connected routes being redistributed into BGP (range is 1 to 65,535). |
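
The Secret in a BGP Auth Profile keys MD5 authentication, which for BGP is the TCP MD5 Signature Option defined in RFC 2385: each peer hashes the segment together with the shared secret and the receiver recomputes the digest. The following Python is an added example, not code from this documentation or from the firewall; it assumes IPv4, and the addresses, ports, sequence numbers and secret are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6  # IP protocol number for TCP

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, secret):
    """RFC 2385 digest over one IPv4 TCP segment."""
    base = bytearray(tcp_header[:20])      # fixed header only; options are excluded
    base[16:18] = b"\x00\x00"              # checksum is hashed as zero
    header_len = (base[12] >> 4) * 4       # on-wire header length, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, header_len + len(payload)))
    # The shared secret is appended last; it never appears on the wire.
    return hashlib.md5(pseudo + bytes(base) + payload + secret).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, received, secret):
    """Receiver side: recompute the digest and compare in constant time."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, secret)
    return hmac.compare_digest(expected, received)

# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4)
# from 192.0.2.1:49152 to 192.0.2.2:179. Data offset 10 = 20-byte header
# + 18-byte MD5 option + 2 bytes of padding.
SRC, DST = "192.0.2.1", "192.0.2.2"
HEADER = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000,
                     10 << 4, 0x18, 65535, 0xBEEF, 0)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SECRET = b"example-secret"  # constructed; stands in for the profile's Secret

def demo():
    digest = tcp_md5_digest(SRC, DST, HEADER, KEEPALIVE, SECRET)
    return {
        "digest_len": len(digest),
        "good_secret": verify_segment(SRC, DST, HEADER, KEEPALIVE, digest, SECRET),
        "wrong_secret": verify_segment(SRC, DST, HEADER, KEEPALIVE, digest, b"other"),
        "tampered": verify_segment(SRC, DST, HEADER, KEEPALIVE[:-1] + b"\x02",
                                   digest, SECRET),
        "spoofed_src": verify_segment("192.0.2.99", DST, HEADER, KEEPALIVE,
                                      digest, SECRET),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both peers must be configured with the same Secret; with a mismatch every segment fails verification and the BGP session cannot establish.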