You want to configure BGP between a ScreenOS firewall and a peer device in a different AS.
As depicted in Figure 17-1, the ScreenOS firewall is in AS 64515 and the EBGP peer is in AS 65500. The e0/0 interface of the firewall is in the Untrust zone, which is hosted in the trust-vr (the default VR for all route-mode zones).
Figure 17-1. EBGP configuration
Configure the following on the ScreenOS firewall.
First, make sure you have correctly assigned the interface zone, IP address, and mode on the BGP-speaking interface:
External_fw-> set interface ethernet0/0 zone Untrust
External_fw-> set interface ethernet0/0 ip 10.0.0.1/24
External_fw-> set interface ethernet0/0 route
Next, define the router ID and enable BGP with the correct local AS number:
External_fw-> set vrouter trust-vr
External_fw(trust-vr)-> set router-id 10.1.1.1
External_fw(trust-vr)-> set protocol bgp 64515
External_fw(trust-vr/bgp)->
Finally, define the EBGP neighbor, and enable BGP at the interface level:
External_fw(trust-vr)-> set protocol bgp neighbor 10.0.0.253 remote-as 65500
External_fw(trust-vr)-> set protocol bgp neighbor 10.0.0.253 enable
External_fw(trust-vr)-> set interface ethernet0/0 protocol bgp
This configuration starts BGP on the firewall, and permits it to receive all route advertisements from ...
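As an added example (not from the original text or from the vendor), this Python check reads the recipe's commands with the CLI prompts removed and confirms each step is present: router ID, local AS, neighbor remote-as and enable, and BGP enabled on the interface whose subnet holds the peer. The name `audit_bgp` and the wording of the findings are assumptions, and only the command forms shown in this recipe are recognized.

```python
import ipaddress
import re

# Constructed sample: this recipe's commands, CLI prompts removed.
SAMPLE_CONFIG = """\
set interface ethernet0/0 zone Untrust
set interface ethernet0/0 ip 10.0.0.1/24
set interface ethernet0/0 route
set vrouter trust-vr
set router-id 10.1.1.1
set protocol bgp 64515
set protocol bgp neighbor 10.0.0.253 remote-as 65500
set protocol bgp neighbor 10.0.0.253 enable
set interface ethernet0/0 protocol bgp
"""

def audit_bgp(config):
    """Return (peers, findings) for the command forms used in this recipe."""
    local_as = router_id = None
    nets, bgp_ifaces, peers = {}, set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"set interface (\S+) ip (\S+)", line):
            nets[m[1]] = ipaddress.ip_interface(m[2]).network
        elif m := re.fullmatch(r"set interface (\S+) protocol bgp", line):
            bgp_ifaces.add(m[1])
        elif m := re.fullmatch(r"set router-id (\S+)", line):
            router_id = m[1]
        elif m := re.fullmatch(r"set protocol bgp (\d+)", line):
            local_as = int(m[1])
        elif m := re.fullmatch(r"set protocol bgp neighbor (\S+) remote-as (\d+)", line):
            peers.setdefault(m[1], {})["remote_as"] = int(m[2])
        elif m := re.fullmatch(r"set protocol bgp neighbor (\S+) enable", line):
            peers.setdefault(m[1], {})["enabled"] = True
    findings = []
    if router_id is None:
        findings.append("no router-id set")
    if local_as is None:
        findings.append("BGP not enabled with a local AS")
    for ip, p in peers.items():
        if "remote_as" not in p:
            findings.append(f"{ip}: no remote-as")
        else:  # a peer in a different AS is EBGP, as in this recipe
            p["type"] = "IBGP" if p["remote_as"] == local_as else "EBGP"
        if not p.get("enabled"):
            findings.append(f"{ip}: neighbor not enabled")
        # Assumption: the peer is directly connected, as in Figure 17-1.
        if not any(ipaddress.ip_address(ip) in nets[i] for i in bgp_ifaces if i in nets):
            findings.append(f"{ip}: not on a BGP-enabled interface subnet")
    return peers, findings
```

Run against the recipe as written, `audit_bgp(SAMPLE_CONFIG)` returns no findings and classifies 10.0.0.253 as an EBGP peer.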