This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nima_Chogyal
Contributor
‎2023-12-21 10:55 PM
Jump to solution

BGP

So i have a customer that has BGP running on  a SMB appliance. It is working on the older version which is R81.10.07 but then the customer wants to upgrade the gw  to R81.10.08 so that he can get email notifications when someone tries to login to the gateway. Upgrading it has no issues but BGP does not come up at all.Tried every possible configuration on it. There are zero packets sent or received when i use the show bgp stats command. Tried with route-redistribition-doestn work.. tried it with routemaps also- doesnt work aswell.The working config are as follows :

# Aggregate
# As
set as 65534
# BGP
set bgp external remote-as 2.4594 on
set bgp external remote-as 2.4594 local-address 103.78.111.254 on
set bgp external remote-as 2.4594 import-routemap "import" preference 1 on
set bgp external remote-as 2.4594 peer 103.78.111.253 on
set bgp external remote-as 2.4594 peer 103.78.111.253 local-address 103.78.111.254 on
set bgp external remote-as 2.4594 peer 103.78.111.253 authtype md5 secret already_scrambled_/OeMJECLiZaIu8U73g==_000000000000000000000000000000000000000000
set bgp external remote-as 2.4594 peer 103.78.111.253 graceful-restart on
# IGMP
# Inbound Route Filter
set inbound-route-filter ospf2 instance default accept-all-ipv4
set inbound-route-filter rip accept-all-ipv4
set inbound-route-filter bgp-policy 512 based-on-as as 2.4594 on
set inbound-route-filter bgp-policy 512 accept-all-ipv4
set inbound-route-filter bgp-policy 512 default-localpref 10
set inbound-route-filter bgp-policy 512 default-weight 100
# IPv6 Aggregate
# IPv6 Inbound Route Filter
# IPv6 OSPF3
# IPv6 Route Redistribution
# Kernel Routes
# max-path-splits
set max-path-splits 8
# NAT-Pool
# OSPF
set ospf instance default area backbone on
# PIM
# Protocol Rank
# RIP
set rip update-interval default
set rip expire-interval default
# Route Redistribution
set route-redistribution to bgp-as 2.4594 from interface LAN3 on
set route-redistribution to bgp-as 65534 localpref 10
set route-redistribution to bgp-as 65534 from default-origin all-ipv4-routes metric 100 on
set route-redistribution to bgp-as 65534 from bgp-as-number 65534 network 172.16.248.0/22 action accept
set route-redistribution to bgp-as 65534 from bgp-as-number 65534 network 172.16.248.0/22 match-type delete on
set route-redistribution to bgp-as 65534 from bgp-as-path "135666" origin IGP network 172.16.248.0/22 action accept
set route-redistribution to bgp-as 65534 from bgp-as-path "135666" origin IGP network 172.16.248.0/22 match-type delete on
# Routemaps
set routemap import id 1 on
set routemap import id 1 allow
set routemap import id 1 match neighbor 103.78.111.253 on
set routemap import-bgp id 1 on
set routemap import-bgp id 1 allow
set routemap import-bgp id 1 match neighbor 103.78.111.253 on
set routemap import id 1 on
set routemap import id 1 allow
set routemap import id 1 match neighbor 103.78.111.253 on
## The following items are listed under their respective command sets
## (e.g. "set bgp") and are displayed here for informational purposes:
# set bgp external remote-as 2.4594 import-routemap import preference 1 on
# Router ID
set router-id 1.1.1.1
# Router Options
set router-options multithreading on
# Static Multicast Route
# Trace
# Tracefile
set tracefile maxnum 10
set tracefile size 0
# Static Routes **Please wait, this may take a while**

0 Kudos
1 Solution

Accepted Solutions
Nima_Chogyal
Contributor
‎2023-12-22 02:34 AM
In response to Peter_Lyndley
Jump to solution

Thank you for the reply but i managed to establish BGP. Turns out keeping the config as simple as i can solves the issue. which is kinda weird or maybe im just missing something here when i try to configure routemaps with ASN and prefixes.

Tried all sort of configuration on both router and checkpoint but keeping it simple in CP side works.

View solution in original post

0 Kudos
4 Replies
Peter_Lyndley
Advisor
Advisor
‎2023-12-21 11:32 PM
Jump to solution

There is a patched version (new build) of R81.10.08 available which addresses several issues including BGP, however you may have to log a ticket with TAC to obtain it. 

0 Kudos
Nima_Chogyal
Contributor
‎2023-12-22 02:34 AM
In response to Peter_Lyndley
Jump to solution

Thank you for the reply but i managed to establish BGP. Turns out keeping the config as simple as i can solves the issue. which is kinda weird or maybe im just missing something here when i try to configure routemaps with ASN and prefixes.

Tried all sort of configuration on both router and checkpoint but keeping it simple in CP side works.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-01-09 06:18 AM
In response to Nima_Chogyal
Jump to solution

Did you consult https://sc1.checkpoint.com/documents/SMB_R81.10.X/Dynamic_Routing/EN/Content/Topics/BGP-IPv4.htm?toc... ?

CCSE / CCTE / CCME / CCSM Elite / SMB Specialist
0 Kudos
Nima_Chogyal
Contributor
‎2024-01-10 01:53 AM
In response to G_W_Albrecht
Jump to solution

Yeah i did, tried using routemaps for importing and exporting but i just couldnt get it up with routemaps.in-bound route filter with route-redistribution worked. I think im missing something with routemaps but i couldnt figure it out.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events