Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BGP routing issue

I'm having trouble configuring BGP on our UTM software appliance (9.601-5). I seems that I'm am missing something basic, so I hope someone can push me in the right direction.

Our provider has provided us with information that resulted in the following setup:

- BGP neigbor with ASN and IP adress, no authentication or anything else defined  --> works

- Local router ID (under Global) and local AS number -->works

- Subnet to be used as WAN range is bound to local interface that is connected to the CPE.

- Local IP address (same as local router ID) bound to same local interface as virtual IP


With BGP active, I can see that we can connect, BGP summary shows status up and traffic is shown.

However, I cannot connect to any IP address on the WAN range (e.g. ping) of ping from UTM to any external address.

It must be something I am missing. Any help is appreciated. I more information is needed, please let me know.


Best Regards,



This thread was automatically locked due to age.
  • Hoi Karl-Heinz and welcome to the UTM Community!

    Please show pictures of your configuration including pictures of the Edits of the objects used.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Glad to be back :)

    Hope these pictures are sufficient:

    BGP neighbor definition:

    Default originate was set after studying the video on

    BGP Summary:

    Router ID is Ip adress from assigned subnet that should be used for internet traffic

    Interface Definitions:

    BGP WAN is what should connect to internet via BGP


    Additional addresses:

    I though this was necessary (these are the two IP adresses used by our node and Neighbor).


    What I am trying to do is, after succesfully connecting to the neighbor, is to use the subnet to communicate with the outside world. 

    Everything looks OK, BGP Neighbor shows:

    BGP neighbor is, remote AS 6830, local AS 65000, external link
    BGP version 4, remote router ID
    BGP state = Established, up for 00:00:08
    Last read 00:00:08, hold time is 180, keepalive interval is 60 seconds
    Neighbor capabilities:
    4 Byte AS: advertised and received
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capabilty: advertised
    Message statistics:
    Inq depth is 0
    Outq depth is 0
    Sent Rcvd
    Opens: 1 1
    Notifications: 0 0
    Updates: 2 2
    Keepalives: 2 1
    Route Refresh: 0 0
    Capability: 0 0
    Total: 5 4
    Minimum time between advertisement runs is 30 seconds

    For address family: IPv4 Unicast
    Inbound soft reconfiguration allowed
    Community attribute sent to this neighbor(both)
    Default information originate, default sent
    1 accepted prefixes

    Connections established 1; dropped 0
    Last reset never
    Local host:, Local port: 53423
    Foreign host:, Foreign port: 179
    Nexthop global: ::
    Nexthop local: ::
    BGP connection: non shared network
    Read thread: on Write thread: off


    Unicast shows:

    BGP table version is 0, local router ID is
    Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
    i internal, r RIB-failure, S Stale, R Removed
    Origin codes: i - IGP, e - EGP, ? - incomplete

    Network Next Hop Metric LocPrf Weight Path
    *> 100 0 6830 6830 i
    *> 0 100 32768 i
    *> 0 100 32768 i

    Total number of prefixes 3


    I must be doing something basic wrong with routing, but I can't figure it out yet. ip route on the UTM shows no Defaulg GW, seems that that shoudl be it (hopefully)




  • Additional information: I can reach the UTM from outside, so a ping / traceroute from an external address (to works. The only thing I am still not able to figure out is how to get my UTM to communicate to the outside world. I now uses the Neighbor address as a gateway, which is not what it should be.


    Any suggestions?




  • Finally got it working.


    The answer was to change our masquerade rules. Normally, we would masquerade all internal networks to use the primary address. However, when using BGP, it seems that this address is set to the local BGP ip address, which is a non-routable address.

    We defined an additional address on the network card, and changed the masquerade address to that IP. Worked like a charm :)