Configuring BGP routing protocol on Palo ALto firewall is perfomed step-by-step. I have desined a network with two PA firewalls, each acting as edge device. Between two firewalls there is a WAN network that routes all the BGP configuration of two routers connecting to firewalls. OSPF is configured to run BGP on top it.
CiscoIOSv-3 router BGP configuration:
CiscoIOSv-3 router BGP Routing table Info:
CiscoIOSv-7 router BGP configuration:
CiscoIOSv-7 router BGP Routing table info:
Step-1: Select Virtual Router on left navigation panel.
Step-2: Select Default Router from the list, but you can choose any virtual router you want based on your configuration on firewall.
Step-3: Select General Tab.
Fill Router ID and AS number fields, uncheck Reject Default Route(this will allow to accept default routers in to BGP table) and tick Enable radio button.
Step-4: Select Peer Group Tab
- Select Peer Group Tab and click Add to create or add new BGP peer group.
- Enter the Peer Group name and click Add button on bottom to add a peer to group. You can multiple peers to a single group or you can create single group for each peer. Peer group will help with assigning security policies.
- Enter name of the peer, peer AS number. Under Addressing tab select which interface BGP peer is connecting to and IP address of interface. Under Peer Address Type Peer IP without subnet mask. then click OK.
- Now there should be a list of configured Peer’s on Peer group, verify everything is correct and click OK.
Step-5: Select Redist Rules Tab.
- Make sure “Allow Redistribute Default Route” radio button is enabled if you want to redistribute default routes into BGP And select Add button.
- In Redistribute Rules Tab, Select type of IP v4/6 and select Name from drop-down field and click OK. Drop-down will have list of Redistribution profiles Created under Redistribution profiles section.
- After adding the redistribution profile, details are displayed. Verify!
- Verify all the configuration details again General, Peer group and click OK.
- For reference on Redistribution profile 123.
Step-6: Commit configuration
- Select Network Tab, Select Virtual Router and there should appear BGP routing details.
- Click “More Run time states” and select BGP in pop-up window and it should provide all details about BGP, summary and looks like below
- select Peer and details of established peer will be provided.
- Select “Local RIB” RIB(routing information base) and it should give the complete list of routes learned from BGP and can be routed.