redistribute global protect ip pool subnet into bgp.

inderjit21 — Mon, 17 Dec 2018 02:28:12 GMT

I am running VM-500 in cluster on 8.1.4 . I have global protect configured with ip pool of /24.

I need to redistribute this range via bgp. I can see this range in the routing table.

Re: redistribute global protect ip pool subnet into bgp.

pulukas — Mon, 17 Dec 2018 11:55:43 GMT

If the subnet is in the local routing table we can distribute it via a bgp peer.

Is this iBGP or eBGP

What is the current redsitribution rules you have on the peering?

Where do you see the route learned and where is it missing?

Re: redistribute global protect ip pool subnet into bgp.

aleksandar.astardzhiev — Mon, 17 Dec 2018 12:47:28 GMT

Yes you can.

There are actually two ways to accomplish this:

Using redistribtion profile
1. Configure redistribution profile which should matach your IP pool: Network -> Virtual-Router -> edit your VR -> Redistribution profile
2. Select source type connec and destination your IP pool prefix
3. Set redistribure (the radio button on the top right) to Redist
4. Tell the BGP to use this profile: Network -> Virtual-Route -> edit your VR -> BGP -> Redist Rules
5. Add new rule and under "name" select your redistribution profile from the drop-down menue
6. If you are using BGP EXPORT rules, make sure that your GP IP pool is added to the allow export rule
Without redistribution profile
1. Add the GP IP Pool straight to the BGP Redist Rules, without creating redistribution profile
2. Add new rule and under "Name" put your GP IP pool range (do not select anything from drop-down, just type your prefix)
3. Again make sure your BGP EXPORT rules are allowing the GP IP pool

Using redistribution profile gives you an option to advertise any prefix that is already in your routing table - static, directly connected, or dynamically learned from different routing protocol.

Howeve you can advertise any prefix even if it is not in your routing table. If you create BGP redistribution rule, without redistribution profile (just typing the prefix), the firewall will first create "dummy" or internal route for this network and then advertise it over BGP. The disatvantage of this approach is that the intrernal route will always be in the routing table and firewall will alway adv. via BGP, while if you are using redistribution profile matching some static routes it will stop adv. the route if the static is removed from the routing table (interface down or etc.)

I would suggest you to use the redistribution profile, that way the firewall will not require to create the additional internal route. If you create the redist. rule without profile you will have two routes for the GP IP pool (one as connected to the tunnel interface and one as internal "~")

Re: redistribute global protect ip pool subnet into bgp.

OCfirewallsupport — Wed, 19 Dec 2018 16:43:04 GMT

Please make sure you are adding respetive interfaces in redistribution profile to advertise from BGP.

topic Re: redistribute global protect ip pool subnet into bgp. in General Topics

redistribute global protect ip pool subnet into bgp.

Re: redistribute global protect ip pool subnet into bgp.

Re: redistribute global protect ip pool subnet into bgp.

Re: redistribute global protect ip pool subnet into bgp.