This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎12-17-2018 04:47 AM

Yes you can.

 

There are actually two ways to accomplish this:

  1. Using redistribtion profile
    1. Configure redistribution profile which should matach your IP pool: Network -> Virtual-Router -> edit your VR -> Redistribution profile
    2. Select source type connec and destination your IP pool prefix
    3. Set redistribure (the radio button on the top right) to Redist
    4. Tell the BGP to use this profile: Network -> Virtual-Route -> edit your VR -> BGP -> Redist Rules
    5. Add new rule and under "name" select your redistribution profile from the drop-down menue
    6. If you are using BGP EXPORT rules, make sure that your GP IP pool is added to the allow export rule
  2. Without redistribution profile
    1. Add the GP IP Pool straight to the BGP Redist Rules, without creating redistribution profile
    2. Add new rule and under "Name" put your GP IP pool range (do not select anything from drop-down, just type your prefix)
    3. Again make sure your BGP EXPORT rules are allowing the GP IP pool

 

Using redistribution profile gives you an option to advertise any prefix that is already in your routing table - static, directly connected, or dynamically learned from different routing protocol.

 

Howeve you can advertise any prefix even if it is not in your routing table. If you create BGP redistribution rule, without redistribution profile (just typing the prefix), the firewall will first create "dummy" or internal route for this network and then advertise it over BGP. The disatvantage of this approach is that the intrernal route will always be in the routing table and firewall will alway adv. via BGP, while if you are using redistribution profile matching some static routes it will stop adv. the route if the static is removed from the routing table (interface down or etc.)

 

 

I would suggest you to use the redistribution profile, that way the firewall will not require to create the additional internal route. If you create the redist. rule without profile you will have two routes for the GP IP pool (one as connected to the tunnel interface and one as internal "~")

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks