BGP Communities in Palo Alto Firewall


L2 Linker

Hi,

 

Is it possible to use well-known communities in Palo Alto like in a Cisco router? I mean the communities no-export, no-advertise, local-as or Internet.

 

We need to propagate some routes to a peer but indicate to that peer not to propagate them outside the AS.

 

Thank you in advance,

 

1 accepted solution

Accepted Solutions

Yes, it is possible. Under Virtual Router select BGP -> Export -> Action:

 

cfistik_1-1578520012472.png

 

Hope that helps.

Cyber Elite

Hello,

The PAN routing can be filtered via route redistribution. Take a look at the following and see if it answers your question.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkmCAC

 

Regards,

Hi,

 

Thank you for your time.

 

That doesn't solve our problem. There is no way to set "well-known" communities on your link, just standard communities like xxx:yyy.

 

So, maybe it isn't possible to do that?

Thank you,

 

 

Hello,

Good questions. I'm not a BGP expert; however, you could reach out to your SE and they can ask other SEs to see if they know. Or you can enter a TAC case and I'm sure you can get your answer that way.

Sorry I couldn't help more.

Hi,

 

Sorry for the late answer.

 

Finally, we will try to solve it using standard BGP attributes:

 

  • NO_EXPORT (0xFFFFFF01)
  • NO_ADVERTISE (0xFFFFFF02)
  • NO_EXPORT_SUBCONFED (0xFFFFFF03)
  • NOPEER (0xFFFFFF04)

 

Thank you for the responses,

 

L0 Member

The Community drop down box is misleading in that it seems like the original choices are your only choices.  What Palo doesn't tell you is that you can just enter your ASN:NN community and it will accept it.

 

The drop down box will then display the community that you entered for future choices.

 

 

BGP_Community.PNG
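
The hex values listed earlier in the thread and the ASN:NN form mentioned in the last reply are two notations for the same 32-bit community value (RFC 1997: upper 16 bits, colon, lower 16 bits). The following is an added example, not part of any post and not Palo Alto code, that converts between the notations; the function names are hypothetical, and the page does not confirm whether the PAN-OS Community field accepts the reserved 65535:NN values it prints.

```python
import re

# Well-known communities exactly as listed in the thread.
WELL_KNOWN = {
    "NO_EXPORT": 0xFFFFFF01,
    "NO_ADVERTISE": 0xFFFFFF02,
    "NO_EXPORT_SUBCONFED": 0xFFFFFF03,
    "NOPEER": 0xFFFFFF04,
}
NAMES = {value: name for name, value in WELL_KNOWN.items()}


def parse_community(text):
    """Return the 32-bit value for a name, a 0x hex string, or ASN:NN."""
    s = text.strip()
    key = s.upper().replace("-", "_")  # accept CLI-style "no-export"
    if key in WELL_KNOWN:
        return WELL_KNOWN[key]
    if re.fullmatch(r"0[xX][0-9a-fA-F]{1,8}", s):
        return int(s, 16)
    m = re.fullmatch(r"(\d+):(\d+)", s)
    if m:
        high, low = int(m.group(1)), int(m.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"each half must fit in 16 bits: {text!r}")
        return (high << 16) | low
    raise ValueError(f"unrecognised community: {text!r}")


def describe(value):
    """Render one community in both notations and flag reserved ranges."""
    high, low = value >> 16, value & 0xFFFF
    return {
        "asn_nn": f"{high}:{low}",
        "hex": f"0x{value:08X}",
        "name": NAMES.get(value),
        # RFC 1997 reserves 0x0000xxxx and 0xFFFFxxxx.
        "reserved": high in (0x0000, 0xFFFF),
    }


if __name__ == "__main__":
    # Constructed sample: names from the thread plus a private ASN:NN value.
    for item in ["no-export", "0xFFFFFF02", "65535:65283", "NOPEER", "64512:100"]:
        print(item, "->", describe(parse_community(item)))
```
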
