Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BGP - Route Filters


Just wondering if the XG supports BGP Route Filters. From what i am reading XG uses Quagga for & Quagga supports Route Filters. I just cant seem to find it in the XG.

I am simply trying to filter out the default route which is being advertised by BGP

Any suggestions would be appreciated.




This thread was automatically locked due to age.
Parents Reply Children
  • Hi,


    Thanks for your response. I did have a look & also have taken it up with Sophos Support who suggested i voted for this suggestion. Seems like a few have asked for it (for sometime) so at this stage it seems safe to assume its not possible.


    Appreciate you taking the time to comment



  • hey Adam,


    We do support Route filter capabilities inside OSPF and BGP, i just came across this thread searching for something else, you can use prefix lists, access lists to filter routes both inbound and outbound on XG. Unfortunately this is not well documented with XG. but we will work on documenting more information on the router filtering. 


    just to give you an example, all the commands you need to build route filters are the same ones supported by quagga, which is closer to a cisco s implementation, so you pretty much can nearly copy paste the route filters from a cisco router to XG. 




  • Thanks for letting us know.



  • Are there any links or example how to simply filter out default route from BGP? We are in identical situation when XG is learning default route from BGP which, obviously, breaks Internet access from device itsels and IPSec/SSL VPN tunnels coming to it.


    Thank you!

  • I just had to work through this same issue with support last week.  Frustrating Sophos doesn't have a document written for this.


    For future reference:


    from CLI option 3 -> 1 -> 3 to access the 'Configure BGP' Option

    bgp> enable

    bgp# configure terminal

    bgp# ip prefix-list deny-route seq 5 deny

    bgp# ip prefix-list deny-route seq 10 permit le 32

    bgp(config)# router bgp <LOCAL AS>

    bgp(config-router)# neighbor <IP ADDRESS> prefix-list deny-route in

    bgp(config-router)# exit

    bgp(config)# exit

    bgp# clear ip bgp <IP ADDRESS> soft in

    bgp# write