This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Conditional Advertisement, Revert Back Options

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Conditional Advertisement, Revert Back Options

jortiztrb
L0 Member

‎04-02-2025 01:48 PM

Good day all, I was working with PA support I may be just be getting confused with the information.

 

I'm trying to use conditional advertisement to advertise a single subnet via BGP only when another a particular learned route is down. I got this portion working. But, how do I revert back when BGP learned route comes back?

 

According to PA support this is not possible. They provided the document below but I still asked the question below

 

Reference document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEUCA0.

In the scenario explained in the document, once FW-B starts advertising 55.55.55.100 route to FW-C, is there a method to undo this once 100.100.100.0/24 is in the local rib again?

 
0 Likes Likes
3 REPLIES 3

TomYoung
Cyber Elite
Cyber Elite

‎04-03-2025 10:25 AM

Hi @jortiztrb ,

 

Could you provide more details?  You have conditional advertisement working.  Are you saying that when the Non-Exist prefix comes back, the NGFW does not automatically stop advertising the conditional prefix?

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

jortiztrb
L0 Member
In response to TomYoung

‎04-03-2025 12:21 PM

That is correct. Unless I set it up incorrectly. I was able to get the BGP routes advertised when the monitored route went down. However, after route came back up, BGP was still advertising.

0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎04-03-2025 04:01 PM

Hi @jortiztrb ,

 

That doesn't make sense.  You may be running into a bug.  I have configured BGP Conditional Advertisement on Cisco.  If you configure it good enough to advertise the route, then it should automatically withdraw it.

 

Here is a good blog on the topic.  https://blog.davidvassallo.me/2013/04/04/palo-alto-networks-implementing-conditional-advertising-in-...  He says

"And turning it [ the monitored route ] back on reverses it, advertising only to GM, our primary peer."  When the conditional prefix is not withdrawn, what does the "show routing protocol bgp policy cond-adv" show?  He says you "may need to disable the primary ISP bgp peer, commit, and re-enable the bgp peer." That's a pain.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 287 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks