Hi mates,
Again, missed me? 😞
I have a requirement that kind of blows me away.
So... 3 routers: A, B (Check Point) and C.
B receives from C and advertises to A, but with a "catch".
Routes from C are marked with a community of 1:1 (It's a Cisco).
On Check Point we need the following:
if routes are received from C with community 1:1 then redistribute them to A with a MED of 50
if routes have a different community (or no community) inject them in CKP routing table
If routes are received with community 1:2 then redistribute them to A with a MED of 200
This is where I'm stuck: Check Point doesn't do community in that format therefore I've asked the customer to create route-maps on Cisco and set for 1:1 100 and for 1:2 200
But now I have no idea how to do redistribution with different MEDs based on what's inbound.
In the Cisco world it would be simple, but here it blows my mind and I have horse vision right now (I've struggled with it the whole weekend).
Any advice is as usual really appreciated!!
Update:
Turning on BGP communities lets me use the community-match and it seems that route redistribution works as expected. If the community is 1:1, then redistribute; if it's something else, don't.
But unfortunately only one MED statement per BGP peer is allowed, or I'm missing something. For community 1:2, do MED 200.
Hi!
Typically Cisco's representation of a community is in the format of ASN:value.
So 1:1 would mean AS 1 with value 1. They are not used that way as the AS value is not enforced and both numbers in the community tag just seem to be random numbers most likely because admins don't understand the real idea behind them.
In Check Point however, we match communities in route maps like this:
match community <Community ID> as <Community AS Number 1-65535> {on | off}
Example:
match community 1 as 1 on
This matches it to Cisco's 1:1 community.
Disclaimer: This is my understanding of how it works. I'm not a Cisco specialist, so I might be wrong, but this is the way I have got them to match in the past.
I just wrote this out of fun... Haven't tested it.
This redistributes routes that match community 1:1 to AS 400 setting MED as 200.
set routemap BGP-OUT id 10 on
set routemap BGP-OUT id 10 match community 1 as 1 on
set routemap BGP-OUT id 10 action metric 200
set bgp external remote-as 400 export-routemap BGP-OUT preference 1 family inet on
Somehow with the routemap in place I receive all the routes on the other side but it sends them with 200
set routemap BGP-OUT id 10 allow
set routemap BGP-OUT id 10 match community 1 as 1 on
set routemap BGP-OUT id 10 match community exact on
set routemap BGP-OUT id 10 action metric value 200
On the other side:
Routing entry for 100.113.10.0/24
Known via "bgp", distance 20, metric 200, best
Last update 00:00:18 ago
* 10.144.82.150, via eth0, weight 1
And on CP I have them like this
Route: 10.144.12.0/23
Next Hop: 10.144.82.1, via eth1
MED: None
Local Preference: 100
Active Age: 5400
Age: 5192
Rank: 170
Weight: N/A
AS Path: (67000),64520,Incomplete.(Id-7),comm-1.1
Local AS: 67000
Peer AS: 64520
Origin: Incomplete
Originator ID: 192.168.170.2
BGP Next Hop Attribute: 10.144.82.1
Communities: 1:1
Route: 100.113.10.0/24
Next Hop: 10.144.70.100, via eth0
MED: None
Local Preference: 100
Active Age: 3448
Age: 3448
Rank: 170
Weight: N/A
AS Path: (67000),69000,Incomplete.(Id-8)
Local AS: 67000
Peer AS: 69000
Origin: Incomplete
Originator ID: 100.113.10.1
BGP Next Hop Attribute: 10.144.70.100
Still digging...
So which part is not working?
The part where only community 1:1 is redistributed 🙂 not all of them.
There I have only two routes, but my customer has about 6500 ... and only 3 of them that are marked with 1:1 must be redistributed with a MED of 200 .
Do you have this line?
set routemap BGP-OUT id 10 match metric value 200
The tiebreaker should be community 1:1
if route is received with community 1:1 (as in the above example with 10.144.12.0/23) then redistribute it to the upstream router.
if not (no community or other community) then don't redistribute it!
set bgp communities on
set routemap BGP-OUT id 10 on
set routemap BGP-OUT id 10 match community 1 as 1 on
set routemap BGP-OUT id 10 match community exact on
set routemap BGP-OUT id 10 action metric value 200
set bgp external remote-as 6900 export-routemap BGP-OUT preference 1 on
Maybe this?
set inbound-route-filter bgp-policy 1000 community-match 1 as 1 on
I'm so stupid clicking on "Accept solution"!!!!
No, I don't want to filter inbound routes. From that peer I'm receiving all kind of routes with different community strings and other values.
I just want to export what is marked as community 1 as 1 but it seems that routemap redistributes everything, even the connected interface 🙂
B>* 10.144.12.0/23 [20/200] via 10.144.82.150, eth0, weight 1, 00:13:24
B>* 10.144.70.0/24 [20/200] via 10.144.82.150, eth0, weight 1, 00:13:24
B>* 100.113.10.0/24 [20/200] via 10.144.82.150, eth0, weight 1, 00:13:24
Also I don't have match protocol bgp as I assumed the source and target protocols are both BGP. You will need to match the protocol only if redistributing to a different protocol.
Use show bgp peer [ip] adj-rib-out to see what routes it's advertising.
r82gwf> show bgp peer 10.144.82.151 adj-rib-out
---------------------- EBGP Peer 10.144.82.151 (AS 6900) -----------------------
IPv4 Route Nexthop
10.144.12.0/23 10.144.82.150
10.144.70.0/24 10.144.82.150
100.113.10.0/24 10.144.82.150
Everything. Something is wrong...I just can't figure out what.
Example from my lab...do you have line similar to it?
set routemap ospf-to-bgp-100 id 40 match protocol static
No I don't as there's nothing 'static' here.
Its just an example, that command lets you put in different protocols.
Unfortunately in this case everything is BGP.
C redistributes to B via BGP
B redistributes to A via BGP
A and C being 3rd party and B being the CheckPoint firewall.
I can see the routes received from C, one marked with 1:1 and the other without anything, but for some unknown reason the routemap doesn't care about match community and just redistributes everything.
I can make it work by:
set route-redistribution to bgp-as 6900 community-match 1 as 1 on
set route-redistribution to bgp-as 6900 from bgp-as-number 64520 all-ipv4-routes on
but I need to have a different MED for 1:1 which is not achievable this way.
Paste your route map here. Also verify that the routes have the community tag 1:1 as you want.
set bgp communities on
set routemap BGP-OUT id 10 on
set routemap BGP-OUT id 10 match community 1 as 1 on
set routemap BGP-OUT id 10 match community exact on
set routemap BGP-OUT id 10 action metric value 200
set bgp external remote-as 6900 export-routemap BGP-OUT preference 1 on
r82gwf> show route bgp communities
Prefix Nexthop Communities
10.144.12.0/23 10.144.82.1 1:1
r82gwf> show route bgp detailed
Route: 10.144.12.0/23
Next Hop: 10.144.82.1, via eth1
MED: None
Local Preference: 100
Active Age: 8105
Age: 7897
Rank: 170
Weight: N/A
AS Path: (67000),64520,Incomplete.(Id-7),comm-1.1
Local AS: 67000
Peer AS: 64520
Origin: Incomplete
Originator ID: 192.168.170.2
BGP Next Hop Attribute: 10.144.82.1
Communities: 1:1
Route: 100.113.10.0/24
Next Hop: 10.144.70.100, via eth0
MED: None
Local Preference: 100
Active Age: 6153
Age: 6153
Rank: 170
Weight: N/A
AS Path: (67000),69000,Incomplete.(Id-8)
Local AS: 67000
Peer AS: 69000
Origin: Incomplete
Originator ID: 100.113.10.1
BGP Next Hop Attribute: 10.144.70.100
r82gwf>
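An added example, not from this thread and not Check Point's own code: a small Python checker that parses the two output shapes shown above (`show route bgp detailed` and `show bgp peer <ip> adj-rib-out`), applies the per-community policy from the original post (community 1:1 exported with MED 50, 1:2 with MED 200, everything else kept locally but not exported) as an ordered list of route-map entries, and reports prefixes the peer is receiving although the policy would not export them. The sample text is constructed from the formats in the thread; the extra 10.144.40.0/24 route carrying community 1:2 and the `RouteMapEntry` model (first matching id wins, exact match on the community set) are assumptions made for the example, not a statement of how Gaia evaluates route maps.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of Gaia's "show route bgp detailed" output.
# Fields follow the thread; the 10.144.40.0/24 route with community 1:2 is an
# assumption added so the second policy entry has something to match.
DETAILED_SAMPLE = """\
Route: 10.144.12.0/23
Next Hop: 10.144.82.1, via eth1
MED: None
Local Preference: 100
AS Path: (67000),64520,Incomplete.(Id-7),comm-1.1
Communities: 1:1
Route: 10.144.40.0/24
Next Hop: 10.144.82.1, via eth1
MED: None
Local Preference: 100
AS Path: (67000),64520,Incomplete.(Id-9),comm-1.2
Communities: 1:2
Route: 100.113.10.0/24
Next Hop: 10.144.70.100, via eth0
MED: None
Local Preference: 100
AS Path: (67000),69000,Incomplete.(Id-8)
"""

# Constructed sample in the shape of "show bgp peer <ip> adj-rib-out",
# reproducing the symptom from the thread: every route is advertised.
ADJ_RIB_OUT_SAMPLE = """\
---------------------- EBGP Peer 10.144.82.151 (AS 6900) -----------------------
IPv4 Route Nexthop
10.144.12.0/23 10.144.82.150
10.144.40.0/24 10.144.82.150
100.113.10.0/24 10.144.82.150
"""


@dataclass
class BgpRoute:
    prefix: str
    next_hop: str
    med: Optional[int]
    communities: Tuple[str, ...]


def parse_bgp_detailed(text: str) -> List[BgpRoute]:
    """Parse the 'Route:' blocks; a route with no 'Communities:' line gets ()."""
    routes: List[BgpRoute] = []
    cur: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Route:"):
            if cur is not None:
                routes.append(BgpRoute(**cur))
            cur = {"prefix": line.split(":", 1)[1].strip(),
                   "next_hop": "", "med": None, "communities": ()}
        elif cur is None:
            continue  # header lines before the first route
        elif line.startswith("Next Hop:"):
            cur["next_hop"] = line.split(":", 1)[1].split(",")[0].strip()
        elif line.startswith("MED:"):
            value = line.split(":", 1)[1].strip()
            cur["med"] = None if value == "None" else int(value)
        elif line.startswith("Communities:"):
            cur["communities"] = tuple(line.split(":", 1)[1].split())
    if cur is not None:
        routes.append(BgpRoute(**cur))
    return routes


PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)$")


def parse_adj_rib_out(text: str) -> List[str]:
    """Return the prefixes listed in an adj-rib-out table (header lines are skipped)."""
    matches = (PREFIX_RE.match(line.strip()) for line in text.splitlines())
    return [m.group(1) for m in matches if m]


@dataclass
class RouteMapEntry:
    """Assumed model of one 'set routemap ... id N' entry: match a community, set MED."""
    match_community: Optional[str]   # e.g. "1:1"; None matches every route
    set_metric: Optional[int]        # MED to set; None keeps the received MED
    exact: bool = True               # the route's community set must be exactly this one


# Policy from the original post: 1:1 -> MED 50, 1:2 -> MED 200. No catch-all
# entry, so every other route stays in B's table but is not exported to A.
POLICY = [RouteMapEntry("1:1", 50), RouteMapEntry("1:2", 200)]


def apply_route_map(routes: List[BgpRoute], entries: List[RouteMapEntry]):
    """First matching entry wins; a route matching no entry is not exported."""
    exported = []
    for r in routes:
        for e in entries:
            if e.match_community is not None:
                if e.exact and r.communities != (e.match_community,):
                    continue
                if not e.exact and e.match_community not in r.communities:
                    continue
            med = e.set_metric if e.set_metric is not None else r.med
            exported.append((r.prefix, med))
            break
    return exported


def leaked_prefixes(expected, advertised: List[str]) -> List[str]:
    """Prefixes the peer actually receives that the policy would not export."""
    allowed = {prefix for prefix, _ in expected}
    return [p for p in advertised if p not in allowed]


if __name__ == "__main__":
    routes = parse_bgp_detailed(DETAILED_SAMPLE)
    expected = apply_route_map(routes, POLICY)
    print("expected export:", expected)
    print("leaked past the community match:",
          leaked_prefixes(expected, parse_adj_rib_out(ADJ_RIB_OUT_SAMPLE)))
```

Run against real output captured from the gateway, a non-empty "leaked" list is the quick confirmation that the export route-map is not filtering on the community as intended, which is the situation described in this thread; an empty list with the expected MEDs visible on the receiving router is the check that the per-community MED policy is in effect.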
What I'm saying is to add this line:
set routemap BGP-OUT id 10 match protocol bgp
protocol matching shouldn't be needed when the protocol is the same.
Agree 100%, just figured worth trying...
@melcu which version and JHF are you on?
I was on the base R82. Right now it's installing Take 39 ... I hope it doesn't matter but everything is expected.
As expected, nothing changed.
routemap has match statement but it exports everything.
Is this something unsupported ?
Gateway receives the community string but completely ignores it in match statement.
BGP RECV flags 0xc0 code Community(8): 1:1
Might be worth checking with TAC...you can install jumbo fix, but I would be shocked if that does anything here.
2am and still BGPing 🙂 I've set a filter for ASN and it seems to do the trick but still not working as expected.
A new request kicked in and now they want to have multiple routes from the peer C exported to A but when a route is marked from C with community 1:1 then it should be exported to A with a med of 200.
I think that I need to play more with the route map, to add another statement but after 17h I'm done. Tomorrow is another day.
Still digging 😞 no solution yet. No matter what I do, "match community" doesn't work in a routemap.
I think RFC1997 and 1998 are badly implemented, because basically the same logic works on Cisco and Fortigate (tested).
Open an SR with TAC.