Additional FortiGate BGP configuration
At this point, all of the settings that can be configured in both the web-based manager and the CLI are complete. The remaining configuration must be completed in the CLI.
These additional settings are mainly determined by your ISP's requirements. They determine your timers, such as keepalive timers, whether extended features like BFD and graceful restart are used, and so on. For this example, some common, simple features are used to promote faster detection of network failures, which results in better service for the Company’s internal network users.
The ISPs do not require authentication between peer routers.
These commands will enable or modify the following features on the FortiGate unit, and where possible on neighboring routers as well:
bestpath-med-missing-as-worst — treats a route without an MED as the worst possible available route due to expected unreliability
fast-external-failover — immediately resets the session information associated with BGP external peers if the link used to reach them goes down.
graceful-restart* — advertises reboots to neighbors so they do not see the router as offline, sets how long to wait before declaring neighbors offline, and sets how long to wait after they reboot before advertising updates. These commands apply to neighbors and are part of the BGP capabilities. This prevents unneeded routing updates.
holdtime-timer — how long the router will wait for a keepalive message before declaring a router offline. A shorter time will find an offline router faster.
keepalive-timer — how often the router sends out keepalive messages to neighbor routers to maintain those sessions.
log-neighbor-changes — log changes to neighbor routers’ status. This can be useful for troubleshooting from both internal and external networks.
connect-timer — how long in seconds the FortiGate unit will try to reach this neighbor before declaring it offline.
weight — used to prefer routes from one neighbor over the other. In this example, ISP1 is the primary connection, so it is weighted higher than ISP2.
To configure additional BGP options - CLI
config router bgp
    set bestpath-med-missing-as-worst enable
    set fast-external-failover enable
    set graceful-restart enable
    set graceful-restart-time 120
    set graceful-stalepath-time 180
    set graceful-update-delay 180
    set holdtime-timer 120
    set keepalive-timer 45
    set log-neighbor-changes enable
    config neighbor
        edit 172.21.111.4
            set connect-timer 60
            set description "ISP1"
            set holdtime-timer 120
            set keepalive-timer 45
            set weight 250
        next
        edit 172.22.222.4
            set connect-timer 60
            set description "ISP2"
            set holdtime-timer 120
            set keepalive-timer 45
            set weight 100
        next
    end
end
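The following is an added example, not part of the original Fortinet documentation: a small Python audit that parses a `config router bgp` block and reports, per neighbor, a missing `password` (the FortiOS neighbor option for MD5 session authentication) and a keepalive timer longer than one third of the hold time (the ratio RFC 4271 suggests). The function names `parse_bgp` and `audit` are hypothetical, the sample input is an abridged copy of the configuration above, and falling back to the global timers when a neighbor sets none is an assumption.

```python
# Constructed sample: abridged from the CLI block on this page.
SAMPLE = """\
config router bgp
    set holdtime-timer 120
    set keepalive-timer 45
    set log-neighbor-changes enable
    config neighbor
        edit 172.21.111.4
            set holdtime-timer 120
            set keepalive-timer 45
        next
        edit 172.22.222.4
            set holdtime-timer 120
            set keepalive-timer 45
        next
    end
end
"""

def parse_bgp(text):
    """Return (global_settings, {neighbor_ip: settings}) for a 'config router bgp' block."""
    glob, neighbors, stack, cur = {}, {}, [], None
    for line in text.splitlines():
        tok = line.split(None, 2) or [""]       # blank lines match no keyword
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))     # track nesting: 'router bgp' > 'neighbor'
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack[-1:] == ["neighbor"]:
            cur = neighbors.setdefault(tok[1], {})
        elif tok[0] == "next":
            cur = None
        elif tok[0] == "set" and len(tok) == 3 and (cur is not None or stack == ["router bgp"]):
            (glob if cur is None else cur)[tok[1]] = tok[2].strip('"')
    return glob, neighbors

def audit(text):
    """Return a list of (scope, finding) tuples; an empty list means no findings."""
    glob, neighbors = parse_bgp(text)
    out = []
    if glob.get("log-neighbor-changes") != "enable":
        out.append(("global", "log-neighbor-changes not enabled"))
    for ip, n in neighbors.items():
        if "password" not in n:
            out.append((ip, "no password (MD5 authentication) configured"))
        hold, keep = (int(n.get(k, glob.get(k, 0))) for k in ("holdtime-timer", "keepalive-timer"))
        if keep * 3 > hold:                     # RFC 4271: keepalive <= holdtime / 3
            out.append((ip, f"keepalive {keep}s exceeds one third of holdtime {hold}s"))
    return out
```

With the timers used in this example (keepalive 45, hold time 120), each neighbor is reported for both conditions; whether to act on either depends on what the ISP supports.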