Preparation for BGP settingΒΆ
Operation Confirmed version: vSRX Version15.1X49-D105.1, vSRX Version19.2R1.8, vSRX Version20.4R2
For vSRX , BGP setting can be made.
Settings for using BGP
To use BGP, zone base Firewall needs to be set. With the default settings, negotiation packets used by routing protocols (etc.) including BGP are rejected by the Firewall. Settings need to be made for vSRX so that these packets are allowed to pass.
Command to be entered with CLI
user01@vSRX-01# set security zones security-zone trust host-inbound-traffic protocols bgp
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/0.0
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/1.0
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/2.0
user01@vSRX-01# set security zones security-zone trust interfaces lo0.0
With the settings properly made, the configuration is as follows:
security {
zones {
security-zone trust {
host-inbound-traffic {
protocols {
bgp;
}
}
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
ge-0/0/2.0;
lo0.0;
}
}
}
The settings above represent a setting example where all vSRX interfaces belong to trust zones. In the actual configuration, setting are needed to make BGP pass in zones to which interfaces that use BGP belong.