Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 8713 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BGP - Route Filters

Adam Rippon

Hi

Just wondering if the XG supports BGP Route Filters. From what i am reading XG uses Quagga for & Quagga supports Route Filters. I just cant seem to find it in the XG.

I am simply trying to filter out the default route which is being advertised by BGP

Any suggestions would be appreciated.

 

Thanks

Adam



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Hi,

     

    Thanks for your response. I did have a look & also have taken it up with Sophos Support who suggested i voted for this suggestion. Seems like a few have asked for it (for sometime) so at this stage it seems safe to assume its not possible.

     

    Appreciate you taking the time to comment

     

    Cheers

  • +1 in reply to Adam Rippon

    hey Adam,

     

    We do support Route filter capabilities inside OSPF and BGP, i just came across this thread searching for something else, you can use prefix lists, access lists to filter routes both inbound and outbound on XG. Unfortunately this is not well documented with XG. but we will work on documenting more information on the router filtering. 

     

    just to give you an example, all the commands you need to build route filters are the same ones supported by quagga, which is closer to a cisco s implementation, so you pretty much can nearly copy paste the route filters from a cisco router to XG. 

     

    -Cheers,

    Kranthi 

  • 0 in reply to Kranthi

    Thanks for letting us know.

    Cheers

    Adam

  • 0 in reply to Kranthi

    Are there any links or example how to simply filter out default route from BGP? We are in identical situation when XG is learning default route from BGP which, obviously, breaks Internet access from device itsels and IPSec/SSL VPN tunnels coming to it.

     

    Thank you!

  • 0 in reply to Mike M

    I just had to work through this same issue with support last week.  Frustrating Sophos doesn't have a document written for this.

     

    For future reference:

     

    from CLI option 3 -> 1 -> 3 to access the 'Configure BGP' Option

    bgp> enable

    bgp# configure terminal

    bgp# ip prefix-list deny-route seq 5 deny 0.0.0.0/0

    bgp# ip prefix-list deny-route seq 10 permit 0.0.0.0/0 le 32

    bgp(config)# router bgp <LOCAL AS>

    bgp(config-router)# neighbor <IP ADDRESS> prefix-list deny-route in

    bgp(config-router)# exit

    bgp(config)# exit

    bgp# clear ip bgp <IP ADDRESS> soft in

    bgp# write

Unfiltered HTML