config neighbor
Use this subcommand to set or unset BGP neighbor configuration settings. The subcommand adds a BGP neighbor configuration to the FortiGate unit.
You can add up to 1000 BGP neighbors, and optionally use MD5 authentication to password protect BGP sessions with those neighbors (see RFC 2385).
You can clear all or some BGP neighbor connections (sessions) using the execute router clear bgp command (see execute router clear bgp).
 
The remote-as field is required. All other fields are optional.
 
Variable
Description
Default
edit <neighbor_address_ipv4>
Enter the IP address of the BGP neighbor.
You can have up to 1000 configured neighbors.
No default.
activate {enable | disable}
Enable or disable the address family for the BGP neighbor.
enable
activate6 {enable | disable}
Enable or disable the address family for the BGP neighbor (IPv6).
enable
advertisement-interval <seconds_integer>
Set the minimum amount of time (in seconds) that the FortiGate unit waits before sending a BGP routing update to the BGP neighbor. The range is from 0 to 600.
30
allowas-in <max_num_AS_integer>
This field is available when allowas-in-enable is set to enable.
Set the maximum number of occurrences your AS number is allowed in.
When allowas-in-enable is disabled, your AS number is only allowed to appear once in an AS_PATH.
unset
allowas-in6 <max_num_AS_integer>
This field is available when allowas-in-enable6 is set to enable.
When allowas-in-enable6 is disabled, your AS number is only allowed to appear once in an AS_PATH.
Set the maximum number of occurrences your AS number is allowed in.
unset
allowas-in-enable {enable | disable}
Enable or disable the readvertising of all prefixes containing duplicate AS numbers. Set the amount of time that must expire before readvertising through the allowas-in field.
disable
allowas-in-enable6 {enable | disable}
Enable or disable the readvertising of all prefixes containing duplicate AS numbers. Set the amount of time that must expire before readvertising through the allowas-in6 field.
disable
as-override {enable | disable}
Enable or disable BGP AS override (for IPv4 traffic).
disable
as-override6 {enable | disable}
Enable or disable BGP AS override (for IPv6 traffic).
disable
attribute-unchanged [as-path] [med] [next-hop]
Propagate unchanged BGP attributes to the BGP neighbor.
To advertise unchanged AS_PATH attributes, select as-path.
To advertise unchanged MULTI_EXIT_DISC attributes, select med.
To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
An empty set is a supported value.
Empty set.
attribute-unchanged6 [as-path] [med] [next-hop]
Propagate unchanged BGP attributes to the BGP neighbor.
To advertise unchanged AS_PATH attributes, select as-path.
To advertise unchanged MULTI_EXIT_DISC attributes, select med.
To advertise the IP address of the next-hop router interface (even when the address has not changed), select next-hop.
An empty set is a supported value.
 
Empty set.
bfd {enable | disable}
Enable or disable Bidirectional Forwarding Detection (BFD) for this neighbor. Enabling it indicates that this neighbor is using BFD.
disable
capability-default-originate {enable | disable}
Enable or disable the advertising of the default route to BGP neighbors.
disable
capability-default-originate6 {enable | disable}
Enable or disable the advertising of the default route to IPv6 BGP neighbors.
disable
capability-dynamic {enable | disable}
Enable or disable the advertising of dynamic capability to BGP neighbors.
disable
capability-graceful-restart {enable | disable}
Enable or disable the advertising of graceful-restart capability to BGP neighbors.
disable
capability-graceful-restart6 {enable | disable}
Enable or disable the advertising of graceful-restart capability to IPv6 BGP neighbors.
disable
capability-orf {both | none | receive | send}
 
Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor. Choose one of:
both — enable send and receive capability.
receive — enable receive capability.
send — enable send capability.
none — disable the advertising of ORF prefix-list capability.
 
disable
capability-orf6 {both | none | receive | send}
Enable advertising of IPv6 ORF prefix-list capability to the BGP neighbor. Choose one of:
both — enable send and receive capability.
receive — enable receive capability.
send — enable send capability.
none — disable the advertising of IPv6 ORF prefix-list capability.
disable
capability-route-refresh {enable | disable}
Enable or disable the advertising of route-refresh capability to the BGP neighbor.
enable
connect-timer <seconds_integer>
Set the maximum amount of time (in seconds) that the FortiGate unit waits to make a connection with a BGP neighbor before the neighbor is declared unreachable. The range is from 0 to 65 535.
-1 (not set)
default-originate-routemap <routemap_str>
Advertise a default route out from the FortiGate unit to this neighbor using a route map named <routemap_str>. The route map name can be up to 35 characters long and is defined using the config router route-map command.
For more information, see router route-map.
Null.
default-originate-routemap6 <routemap_str>
Advertise a default route out from the FortiGate unit to this neighbor using a route map named <routemap_str>. The route map name can be up to 35 characters long and is defined using the config router route-map command.
Null.
description <text_str>
Enter a one-word (no spaces) description to associate with the BGP neighbor configuration settings.
Null.
distribute-list-in <access-list-name_str>
Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list. You must create the access list before it can be selected here. See router access-list, access-list6.
Null.
distribute-list-in6 <access-list-name_str>
Limit route updates from the IPv6 BGP neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list. You must create the access list before it can be selected here. See router access-list, access-list6.
Null
distribute-list-out <access-list-name_str>
Limit route updates to the BGP neighbor based on the NLRI defined in the specified access list. You must create the access list before it can be selected here. See router access-list, access-list6.
Null.
distribute-list-out6 <access-list-name_str>
Limit route updates to the IPv6 BGP neighbor based on the NLRI defined in the specified access list. You must create the access list before it can be selected here. See router access-list, access-list6.
Null
dont-capability-negotiate {enable | disable}
Enable or disable capability negotiations with the BGP neighbor.
disable
ebgp-enforce-multihop {enable | disable}
Enable or disable the enforcement of Exterior BGP (EBGP) multihops.
disable
ebgp-multihop-ttl <seconds_integer>
This field is available when ebgp-enforce-multihop is set to enable.
Define a TTL value (in hop counts) for BGP packets sent to the BGP neighbor. The range is from 1 to 255.
255
filter-list-in <aspath-list-name_str>
Limit inbound BGP routes according to the specified AS-path list. You must create the AS-path list before it can be selected here. See router aspath-list.
Null.
filter-list-in6 <aspath-list-name_str>
Limit inbound IPv6 BGP routes according to the specified AS-path list. You must create the AS-path list before it can be selected here. See router aspath-list.
Null
filter-list-out <aspath-list-name_str>
Limit outbound BGP routes according to the specified AS-path list. You must create the AS-path list before it can be selected here. See router aspath-list.
Null.
filter-list-out6 <aspath-list-name_str>
Limit outbound IPv6 BGP routes according to the specified AS-path list. You must create the AS-path list before it can be selected here. See router aspath-list.
Null
holdtime-timer <seconds_integer>
The amount of time (in seconds) that must expire before the FortiGate unit declares the BGP neighbor down. This value overrides the global holdtime-timer value (see subcommand “config router bgp”). A keepalive message must be received every seconds_integer from the BGP neighbor or it is declared down. The value can be 0 or an integer in the 3 to 65 535 range.
This field is available when graceful-restart is set to enabled.
-1 (not set)
interface <interface-name_str>
Specify a descriptive name for the BGP neighbor interface.
Null.
keep-alive-timer <seconds_integer>
The frequency (in seconds) that a keepalive message is sent from the FortiGate unit to the BGP neighbor. This value overrides the global keep-alive-timer value (see subcommand “config router bgp”). The range is from 0 to 65 535.
-1 (not set)
maximum-prefix <prefix_integer>
Set the maximum number of NLRI prefixes to accept from the BGP neighbor. When the maximum is reached, the FortiGate unit disconnects the BGP neighbor. The range is from 1 to 4 294 967 295.
Changing this value on the FortiGate unit does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the maximum-prefix value afterward, the neighbor will be reset.
unset
maximum-prefix6 <prefix_integer>
Set the maximum number of NLRI prefixes to accept from the IPv6 BGP neighbor. When the maximum is reached, the FortiGate unit disconnects the BGP neighbor. The range is from 1 to 4 294 967 295.
Changing this value on the FortiGate unit does not disconnect the BGP neighbor. However, if the neighbor goes down because it reaches the maximum number of prefixes and you increase the maximum-prefix value afterward, the neighbor will be reset.
unset
maximum-prefix-threshold <percentage_integer>
This field is available when maximum-prefix is set.
Specify the threshold (as a percentage) that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed. The range is from 1 to 100.
75
maximum-prefix-threshold6 <percentage_integer>
This field is available when maximum-prefix6 is set.
Specify the threshold (as a percentage) that must be exceeded before a warning message about the maximum number of NLRI prefixes is displayed. The range is from 1 to 100.
75
maximum-prefix-warning-only {enable | disable}
This field is available when maximum-prefix is set.
Enable or disable the display of a warning when the maximum-prefix-threshold has been reached.
disable
maximum-prefix-warning-only6 {enable | disable}
This field is available when maximum-prefix6 is set.
Enable or disable the display of a warning when the maximum-prefix-threshold6 has been reached.
disable
next-hop-self {enable | disable}
Enable or disable advertising of the FortiGate unit’s IP address (instead of the neighbor’s IP address) in the NEXT_HOP information that is sent to IBGP peers.
disable
next-hop-self6 {enable | disable}
Enable or disable advertising of the FortiGate unit’s IP address (instead of the neighbor’s IP address) in the NEXT_HOP information that is sent to IBGP peers.
disable
override-capability {enable | disable}
Enable or disable IPv6 addressing for a BGP neighbor that does not support capability negotiation.
disable
passive {enable | disable}
Enable or disable the sending of Open messages to BGP neighbors.
disable
password <string>
Enter the password used in MD5 authentication to protect BGP sessions (RFC 2385).
Null.
prefix-list-in <prefix-list-name_str>
Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See router prefix-list, prefix-list6.
Null.
prefix-list-in6 <prefix-list-name_str>
Limit route updates from an IPv6 BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See router prefix-list, prefix-list6.
Null
prefix-list-out <prefix-list-name_str>
Limit route updates to a BGP neighbor based on the NLRI in the specified prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See router prefix-list, prefix-list6.
Null.
prefix-list-out6 <prefix-list-name_str>
Limit route updates to an IPv6 BGP neighbor based on the NLRI in the specified prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See router prefix-list, prefix-list6.
Null
remote-as <id_integer>
Adds a BGP neighbor to the FortiGate unit configuration and sets the AS number of the neighbor. The range is from 1 to 65 535. If the number is identical to the FortiGate unit AS number, the FortiGate unit communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer and the FortiGate unit uses EBGP to communicate with the neighbor.
unset
remove-private-as {enable | disable}
Remove the private AS numbers from outbound updates to the BGP neighbor.
disable
remove-private-as6 {enable | disable}
Remove the private AS numbers from outbound updates to the IPv6 BGP neighbor.
disable
restart_time <seconds_integer>
Sets the time until a restart happens. The time until the restart can be from 0 to 3600 seconds.
0
retain-stale-time <seconds_integer>
This field is available when capability-graceful-restart is set to enable.
Specify the time (in seconds) that stale routes to the BGP neighbor will be retained. The range is from 1 to 65 535. A value of 0 disables this feature.
0
route-map-in <routemap-name_str>
Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified route map. You must create the route-map before it can be selected here. See “route-map” and “Using route maps with BGP”.
Null.
route-map-in6 <routemap-name_str>
Limit route updates or change the attributes of route updates from the IPv6 BGP neighbor according to the specified route map. You must create the route-map before it can be selected here.
Null
route-map-out <routemap-name_str>
Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified route map. You must create the route-map before it can be selected here. See “route-map” and “Using route maps with BGP”.
Null.
route-map-out6 <routemap-name_str>
Limit route updates or change the attributes of route updates to the IPv6 BGP neighbor according to the specified route map. You must create the route-map before it can be selected here.
Null
route-reflector-client {enable | disable}
This field is available when remote-as is identical to the FortiGate unit AS number (see “as <local_as_id>”).
Enable or disable the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route-reflector client.
Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while these attribute changes do not take effect for outbound IBGP routes.
disable
route-reflector-client6 {enable | disable}
This field is available when remote-as is identical to the FortiGate unit AS number.
Enable or disable the operation of the FortiGate unit as a route reflector and identify the BGP neighbor as a route-reflector client.
Inbound routes for route reflectors can change the next-hop, local-preference, med, and as-path attributes of IBGP routes for local route selection, while these attribute changes do not take effect for outbound IBGP routes.
disable
route-server-client {enable | disable}
Enable or disable the recognition of the BGP neighbor as route-server client.
disable
route-server-client6 {enable | disable}
Enable or disable the recognition of the IPv6 BGP neighbor as route-server client.
disable
send-community {both | disable | extended | standard}
 
Enable sending the COMMUNITY attribute to the BGP neighbor. Choose one of:
standard — advertise standard capabilities.
extended — advertise extended capabilities.
both — advertise extended and standard capabilities.
disable — disable the advertising of the COMMUNITY attribute.
both
send-community6 {both | disable | extended | standard}
Enable sending the COMMUNITY attribute to the IPv6 BGP neighbor. Choose one of:
standard — advertise standard capabilities
extended — advertise extended capabilities
both — advertise extended and standard capabilities
disable — disable the advertising of the COMMUNITY attribute.
both
shutdown {enable | disable}
Administratively enable or disable the BGP neighbor.
disable
soft-reconfiguration {enable | disable}
Enable or disable the FortiGate unit to store unmodified updates from the BGP neighbor to support inbound soft-reconfiguration.
disable
soft-reconfiguration6 {enable | disable}
Enable or disable the FortiGate unit to store unmodified updates from the IPv6 BGP neighbor to support inbound soft-reconfiguration.
disable
strict-capability-match {enable | disable}
Enable or disable strict-capability negotiation matching with the BGP neighbor.
disable
unsuppress-map <route-map-name_str>
Specify the name of the route-map to selectively unsuppress suppressed routes. You must create the route-map before it can be selected here. See “route-map” and “Using route maps with BGP”.
Null.
unsuppress-map6 <route-map-name_str>
Specify the name of the route-map to selectively unsuppress suppressed IPv6 routes. You must create the route-map before it can be selected here.
Null
update-source <interface-name_str>
Specify the name of the local FortiGate unit interface to use for TCP connections to neighbors. The IP address of the interface will be used as the source address for outgoing updates.
Null.
weight <weight_integer>
Apply a weight value to all routes learned from a neighbor. A higher number signifies a greater preference. The range is from 0 to 65 535.
unset [1]
config conditional-advertise fields
edit <map_name>
Enter the name of the advertising route map.
Null
condition-routemap <map_name>
Enter the name of the condition route map.
Null
condition-type {exist | non-exist}
Select the type of condition: exist if route map is matched, non-exist if route map is not matched.
exist

[1] The default value of 4294967295 is seen when show full-configuration is used; when get is used, the value is displayed as unset.

Example
This example shows how to set the AS number of a BGP neighbor at IP address 10.10.10.167 and enter a descriptive name for the configuration.
config router bgp
    config neighbor
        edit 10.10.10.167
            set remote-as 2879
            set description BGP_neighbor_Site1
    end
end
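
The following check is an added example, not part of the original page or of any Fortinet tooling: a Python script that parses the config neighbor table and reports neighbors that leave the password, maximum-prefix or inbound filter fields described above unset. The function names, the local AS number 65001 and the policy (which unset fields count as findings) are assumptions; the sample input is the Example configuration from this page.

```python
import shlex

# Inbound filter fields from this page (IPv4 variants only).
INBOUND_FILTERS = ("prefix-list-in", "distribute-list-in", "filter-list-in", "route-map-in")

def parse_neighbors(config_text):
    """Return {neighbor_address: {field: value}} for the 'config neighbor' table."""
    neighbors, current, in_table, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok or (tok[0] != "config" and not in_table):
            continue
        if tok[0] == "config":
            if not in_table and tok[1:] == ["neighbor"]:
                in_table, depth, current = True, 0, None
            elif in_table:
                depth += 1  # nested table such as conditional-advertise
        elif tok[0] == "end":
            # depth 0 closes the neighbor table; otherwise leave a nested table
            in_table, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and tok[0] == "edit" and len(tok) > 1:
            current = neighbors.setdefault(tok[1], {})
        elif depth == 0 and tok[0] == "next":
            current = None
        elif depth == 0 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
    return neighbors

def audit(config_text, local_as):
    """Return (neighbor, finding) pairs. The policy is an assumption of this example."""
    findings = []
    for addr, f in parse_neighbors(config_text).items():
        ebgp = f.get("remote-as") != str(local_as)  # same AS number means IBGP
        if "password" not in f:
            findings.append((addr, "no password (RFC 2385 MD5 authentication)"))
        if ebgp and "maximum-prefix" not in f:
            findings.append((addr, "EBGP peer without maximum-prefix"))
        if ebgp and not any(k in f for k in INBOUND_FILTERS):
            findings.append((addr, "EBGP peer without an inbound filter"))
    return findings

# The Example configuration from this page, used as sample input.
SAMPLE = """
config router bgp
    config neighbor
        edit 10.10.10.167
            set remote-as 2879
            set description BGP_neighbor_Site1
    end
end
"""

if __name__ == "__main__":
    for addr, finding in audit(SAMPLE, local_as=65001):  # 65001 is an assumed local AS
        print(f"{addr}: {finding}")
```

Fields set inside a nested table such as conditional-advertise are ignored, so they are never mistaken for neighbor-level settings.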