How can I configure BGP (Border Gateway Protocol) with single ISP and advertise your public network?

Description

This article shows you how to configure BGP with single ISP and advertise your public network

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


In this scenario, we configure basic BGP between SonicWall and the ISP's router using CLI(Command Line Interface) to advertise our network (with public IP address) to the ISP. It is necessary to have the AS(Autonomous System) numbers and public IP addresses of both devices. This information should be provided by the ISP

Image

By default, BGP is disabled on SonicWall. To configure BGP follow the steps:

Enable Advanced Routing 

  • Login to your SonicWall management page and click Manage tab on top of the page.
  • Navigate to Network |Routing page, on right side go to Settings tab.
  • Under Routing Mode, select Advanced Routing as below.
    Image
  • Click OK button in the pop-up window as below. Click Accept button to save settings.
    Image

Enable BGP in SonicWall Management (Configure with CLI)

  • Login to your SonicWall management page and click Manage tab on top of the page.
  • Navigate to Network |Routing page, on right side go to Settings tab.
  • Under Routing Mode: select Advanced Routing
  • BGP: Enabled (Configure with CLI) (Select this option from Drop-down box).
  • Click Accept.
    Image

NOTE: If you don't see BGP option, you might need a license. Please refer to the following link for more information regarding BGP licensing: UTM: Expanded license for A/A Clustering and BGP

Connect to SonicWall using port 22(SSH)

Image


Configure BGP using CLI

  • User:admin
  • Password:

admin@C0EAE45C0360> configure  / Enter to the configure mode admin at GUI from 10.60.2.102 is editing.
Do you wish to preempt them (yes/no)? [no]: yes / Confirm preemption from GUI user who has logged in to SonicWall
config(C0EAE45C0360)#  routing  / Enter to Routing Module 
(config-routing)#  bgp / Enter to BGP module ZebOS version 7.7.0 IPIRouter 7/2009 
ARS BGP> ARS BGP> configure terminal / Enter configure mode 
ARS BGP(config)> router bgp 6501 / Set up AS number on SonicWall 
ARS BGP(config-router)> neighbor 2.2.2.1 remote-as 6500 / Configure neighbor connection 
ARS BGP(config-router)> network 20.20.20.0 mask 255.255.255.0  / Advertise your network ARS BGP(config-router)> Ctrl+Z / press in Keyboard
ARS BGP> Write / To write the changes into memory and with out this command BGP config will be saved until the firewall is rebooted
ARS BGP> Exit

config(C0EAE45C0360)# commit / To save the configuration

Check BGP neighbor status

  • ARS BGP> show ip bgp summary
    If the output of the command shows any number under State/PfcRcd, it indicates that the neighbors can communicate with each other.
    Image

 Check the network advertised to the neighbor

  • ARS BGP> show ip bgp neighbors advertised-routes.
    Image

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

In this scenario, we configure basic BGP between SonicWall and ISP's router using CLI(Command Line Interface) to advertise our network (with public IP address) to the ISP. It is necessary to have the AS(Autonomous System) numbers and public IP address of both devices. This information should be provided by ISP.

Image

By default, BGP is disabled on SonicWall. To configure BGP follow the steps:

Enable Advanced Routing

  • Navigate to Network | Routing | Routing Mode , select Advanced Routing.

Enable BGP(Configure with CLI)

  • Navigate to Network | Routing | BGP , select Enable(Configure with CLI).
    Image

NOTE: If you don't see BGP option, you might need a license. Please refer to the following link for more information regarding BGP licensing: UTM: Expanded license for A/A Clustering and BGP

 Connect to SonicWall using port 22(SSH)

Image


 Configure BGP using CLI

  • User:admin
  • Password:

admin@C0EAE45C0360> configure  / Enter to the configure mode admin at GUI from 10.60.2.102 is editing.
Do you wish to preempt them (yes/no)? [no]: yes / Confirm preemption from GUI user who has logged in to SonicWall
config(C0EAE45C0360)#  routing  / Enter to Routing Module
(config-routing)#  bgp / Enter to BGP module ZebOS version 7.7.0 IPIRouter 7/2009
ARS BGP> configure terminal / Enter configure mode
ARS BGP(config)> router bgp 6501 / Set up AS number on SonicWall
ARS BGP(config-router)> neighbor 2.2.2.1 remote-as 6500 / Configure neighbor connection
ARS BGP(config-router)> network 20.20.20.0 mask 255.255.255.0  / Advertise your network ARS BGP(config-router)> Ctrl+Z / press in Keyboard
ARS BGP> Write To write the changes into memory and with out this command BGP config will be saved until the firewall is rebooted
ARS BGP> Exit

config(C0EAE45C0360)# commit / To save the configuration

 Check BGP neighbor status

  • ARS BGP> show ip bgp summary
    If the output of the command shows any number under State/PfcRcd, it indicates that the neighbors can communicate with each other.
    Image

 Check the network advertised to the neighbor

  • ARS BGP> show ip bgp neighbors advertised-routes

    Image

Related Articles

  • Enable public access on SonicWall NSv in Azure
    Read More
  • Configuring Syslog traffic over MPLS in SonicWall
    Read More
  • Cysurance Partner FAQ
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
TZ Series
Networking
Firewalls
NSv Series
Networking
not finding your answers?
Ask the Community
was this article helpful?
YesNo