Preparation for BGP settingΒΆ

Operation Confirmed version: vSRX Version15.1X49-D105.1, vSRX Version19.2R1.8, vSRX Version20.4R2

For vSRX , BGP setting can be made.

Settings for using BGP

To use BGP, zone base Firewall needs to be set. With the default settings, negotiation packets used by routing protocols (etc.) including BGP are rejected by the Firewall. Settings need to be made for vSRX so that these packets are allowed to pass.

Command to be entered with CLI

user01@vSRX-01# set security zones security-zone trust host-inbound-traffic protocols bgp
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/0.0
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/1.0
user01@vSRX-01# set security zones security-zone trust interfaces ge-0/0/2.0
user01@vSRX-01# set security zones security-zone trust interfaces lo0.0

With the settings properly made, the configuration is as follows:

security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                protocols {
                    bgp;
                }
            }
            interfaces {
                ge-0/0/0.0;
                ge-0/0/1.0;
                ge-0/0/2.0;
                lo0.0;
            }
        }
}

The settings above represent a setting example where all vSRX interfaces belong to trust zones. In the actual configuration, setting are needed to make BGP pass in zones to which interfaces that use BGP belong.