Enter a name for the Authentication profile (maximum of 31 characters).

Enter the Secret and Confirm Secret. The Secret is used as a key in MD5 authentication.

Enter a name for the Timers profile (maximum of 31 characters).

Enter the interval, in seconds, after which routes from the peer are suppressed according to the Hold Time setting (range is 0 to 1,200; default is 30).

Enter the length of time, in seconds, that may elapse between successive Keepalive or Update messages from the peer before the peer connection is closed (range is 3 to 3,600; default is 90).

Enter the minimum about of time, in seconds, that must occur between two successive Update messages (that a BGP speaker [the firewall] sends to a BGP peer) that advertise routes or withdrawal of routes (range is 1 to 600; default is 30).

Enter a name for the Address Family Identifier (AFI) profile (maximum of 31 characters).

Select the type of AFI profile (IPv4 or IPv6).

Advertise all routes in the BGP routing information base (RIB).

Enable to ensure that BGP advertises the best path for each neighboring AS, and not a generic path for all autonomous systems. Disable this if you want to advertise the same path to all autonomous systems.

Specify whether to allow routes that include the firewall’s own autonomous system (AS) number:

You might use the BGP AS override feature if you have multiple sites belonging to the same AS (AS 64512, for example) and there is another AS between them. A router between the two sites receives an Update advertising a route that can access AS 64512. To avoid the second site dropping the Update because it is also in AS 64512, the intermediate router replaces AS 64512 with its own ASN, AS 64522, for example.

Select to advertise a default route. Disable if you want to advertise only routes that go to specific destinations.

Enter the maximum number of prefixes to accept from peer.

Enter the threshold percentage of the maximum number of prefixes. If the peer advertises more than the threshold, the firewall takes the specified Action (warning or restart). Range is 1 to 100%.

Specify the action the firewall takes on the BGP connection after the maximum number of prefixes is exceeded: Warning Only message in logs or Restart the BGP peer connection.

Select the next hop:

To have BGP remove private AS numbers form the AS_PATH attribute in Updates that the firewall sends to a peer in another AS, select one of the following:

Enable the firewall as a BGP Route Reflector Client.

Select the type of BGP community attribute to send in outbound Update messages:

Enter a name for the Redistribution profile (maximum of 31 characters).

Select IPv4 or IPv6 Address Family Identifier (AFI) to specify which type of route is redistributed.

Select Static and Enable to redistribute IPv4 or IPv6 static routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers.

Enter the metric to apply to the static routes being redistributed into BGP (range is 1 to 65,535).

Select Connected and Enable to redistribute IPv4 or IPv6 connected routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers.