https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/72116#M14630 Thanks Sundeep.<BR /><BR />That answers my question. I will have to change my SRX routemaps. Sun, 12 Jan 2020 19:58:32 GMT H2-F1 2020-01-12T19:58:32Z https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/71398#M14465 <P>Hello Everyone,</P><P>&nbsp;</P><P>I've been working on a small project and have come across an issue with I thought I'd share with the community to get some assistance.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>I have attached a simplified topology of the setup</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P><P>Essentially, I have 2 sites, each with an ISP connection to a CP VSX cluster running in VSX mode, one VS at Site 2 (BFW) is has a BGP Peering with a Juniper SRX appliance. There is also a connection between the 2 sites VSs through a L2 MPLS link.</P><P>I have BGP established where I receive a default route from the ISP at each site, I also have local networks connected on the Checkpoint firewalls. I am currently learning the local subnets connected to the SRX and I am sending it a default route as well as specific subnets connected to BFW.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>BGP state</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BGP.JPG" style="width: 462px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3880i4DDF7B22AF5AE1C4/image-size/large?v=v2&amp;px=999" role="button" title="BGP.JPG" alt="BGP.JPG" /></span></P><P>&nbsp;</P><P>BGP Config</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BGP-Conf.JPG" style="width: 398px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3881i6274CBD9AC7C640E/image-size/large?v=v2&amp;px=999" role="button" title="BGP-Conf.JPG" alt="BGP-Conf.JPG" /></span></P><P>&nbsp;</P><P>Routemap Config</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Routemap-config.jpg" style="width: 554px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3882iEBB0DA6CA1FA1A1A/image-size/large?v=v2&amp;px=999" role="button" title="Routemap-config.jpg" alt="Routemap-config.jpg" /></span></P><P>&nbsp;</P><P>Import/Export routemap</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="import-export-routemap.png" style="width: 607px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3883i1B4607637FCEE623/image-size/large?v=v2&amp;px=999" role="button" title="import-export-routemap.png" alt="import-export-routemap.png" /></span></P><P>&nbsp;</P><P>While setting up BGP between the 2 vs, and configuring routemaps, I on<SPAN>ly want to advertise one local subnet from each vs,&nbsp; to do this I specifically used the match neighbor statement.</SPAN></P><P>&nbsp;</P><P><SPAN>BFW should advertise subnet 10.254.132.160/27 only to AFW</SPAN></P><P><SPAN>AFW should advertise subnet 10.255.132.160/27 only to BFW</SPAN></P><P>&nbsp;</P><P><SPAN>The idea is that the designated neighbor will receive the route, and all other neighbors will not. However, looking at the advertised routes sent from BFW to AFW it appears that it is applying the routemap destined for the SRX.</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="advertised route.png" style="width: 474px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3876i133567309855E152/image-size/large?v=v2&amp;px=999" role="button" title="advertised route.png" alt="advertised route.png" /></span></SPAN></P><P>&nbsp;</P><P><SPAN>The below is the route learnt on AFW (not imported yet, hence the i)</SPAN></P><P><SPAN>B H i 10.254.131.128/26 via 10.255.132.198,</SPAN></P><P><SPAN>Can anyone please shed some light if this is expected behaviour, or point out if I've missed something?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P> Tue, 31 Dec 2019 12:01:54 GMT https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/71398#M14465 H2-F1 2019-12-31T12:01:54Z https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/71702#M14530 <P>sk110477 specifies how to configure routemaps per peer. Export routemap per IBGP peer is not supported. You will need to configure routemaps on SRX to not accept routes that are not relevant. Would it be possible to use EBGP instead and configure routemaps as per sk110477? </P> Mon, 06 Jan 2020 22:53:56 GMT https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/71702#M14530 Sundeep_Mudgal 2020-01-06T22:53:56Z https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/72116#M14630 Thanks Sundeep.<BR /><BR />That answers my question. I will have to change my SRX routemaps. Sun, 12 Jan 2020 19:58:32 GMT https://community.checkpoint.com/t5/General-Topics/BGP-routemaps-and-match-statements/m-p/72116#M14630 H2-F1 2020-01-12T19:58:32Z