BGP Communities in Palo Alto Firewall

L2 Linker

Hi,

Is it possible to use well-known communities in Palo Alto like on a Cisco router? I mean, community no-export, no-advertise, local-as or Internet.

We need to propagate some routes to a peer but indicate to that peer not to propagate them outside the AS.

Thank you in advance,


Accepted Solutions
L1 Bithead

Yes, it is possible. Under Virtual Router select BGP -> Export -> Action:

cfistik_1-1578520012472.png

Hope that helps.


All Replies
Cyber Elite

Hello,

The PAN routing can be filtered via route redistribution. Take a look at the following and see if it answers your question.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkmCAC

Regards,

L2 Linker

Hi,

Thank you for your time.

That doesn't solve our problem. There is no way to set "well-known" communities on your link, just standard communities like xxx:yyy.

So, maybe it isn't possible to do that?

Thank you,

Cyber Elite

Hello,

Good questions. I'm not a BGP expert; however, you could reach out to your SE and they can ask other SEs to see if they know. Or you can enter a TAC case and I'm sure you can get your answer that way.

Sorry I couldn't help more.


L2 Linker

Hi,

Sorry for the late answer.

Finally we will try to solve using standard BGP attributes:

  • NO_EXPORT (0xFFFFFF01)
  • NO_ADVERTISE (0xFFFFFF02)
  • NO_EXPORT_SUBCONFED (0xFFFFFF03)
  • NOPEER (0xFFFFFF04)

Thank you for the responses,

L0 Member

The Community drop-down box is misleading in that it seems like the original choices are your only choices. What Palo doesn't tell you is that you can just enter your ASN:NN community and it will accept it.

The drop-down box will then display the community that you entered for future choices.

BGP_Community.PNG
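
Added example, not part of any post in this thread: a Python sketch that converts the well-known community values listed above between their 32-bit hex form and the ASN:NN notation mentioned in the last reply, decodes a COMMUNITIES attribute value, and applies the RFC 1997 advertisement rules. The function names, the peer labels and the sample bytes are this example's own; whether PAN-OS accepts or honors these values when typed into the community field is not confirmed by the thread.

```python
import struct

# Well-known communities: RFC 1997 (first three) and RFC 3765 (NOPEER).
WELL_KNOWN = {
    0xFFFFFF01: "NO_EXPORT",
    0xFFFFFF02: "NO_ADVERTISE",
    0xFFFFFF03: "NO_EXPORT_SUBCONFED",
    0xFFFFFF04: "NOPEER",
}

def to_asn_nn(value):
    """32-bit community -> 'ASN:NN' text (high 16 bits, low 16 bits)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    return f"{value >> 16}:{value & 0xFFFF}"

def from_asn_nn(text):
    """'ASN:NN' text -> 32-bit community; each half must fit in 16 bits."""
    high, sep, low = text.partition(":")
    if not (sep and high.isdecimal() and low.isdecimal()):
        raise ValueError(f"not ASN:NN notation: {text!r}")
    high, low = int(high), int(low)
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError(f"half out of 16-bit range: {text!r}")
    return (high << 16) | low

def parse_communities(attr_value):
    """Decode a COMMUNITIES path attribute value: a run of 4-octet entries."""
    if len(attr_value) % 4:
        raise ValueError("COMMUNITIES length must be a multiple of 4")
    return [v for (v,) in struct.iter_unpack("!I", attr_value)]

def may_advertise(communities, peer):
    """RFC 1997 rules; peer is 'ibgp', 'confed-ebgp' or 'ebgp' (example labels)."""
    names = {WELL_KNOWN.get(c) for c in communities}
    if "NO_ADVERTISE" in names:
        return False  # to no peer at all
    if "NO_EXPORT_SUBCONFED" in names and peer != "ibgp":
        return False  # stays inside the local (member) AS
    if "NO_EXPORT" in names and peer == "ebgp":
        return False  # stays inside the AS / confederation
    return True  # NOPEER is advisory (RFC 3765) and not enforced here

# Constructed sample: NO_EXPORT plus the ordinary community 65000:100.
SAMPLE_ATTR = bytes.fromhex("FFFFFF01" "FDE80064")

if __name__ == "__main__":
    for c in parse_communities(SAMPLE_ATTR):
        print(f"0x{c:08X}", to_asn_nn(c), WELL_KNOWN.get(c, "-"))
    print("advertise to eBGP peer:", may_advertise(parse_communities(SAMPLE_ATTR), "ebgp"))
```

In ASN:NN form the four values from the thread are 65535:65281 through 65535:65284, which is what a receiving router compares against when deciding whether to re-advertise the route.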
