j_a_m_e_s

iBGP peer through transparent Fortigate

Dear All,

I would like to do an iBGP peering through the FGT in transparent mode. The peering will actually be between two VRFs on the same Cisco NX-OS switch (a design recommended by Cisco BRKDCN-2304 pg82). The background to this is an EVPN network with lots of VRFs and the firewall is an "inter-tenant" segmentation firewall. I don't want the overhead of running BGP on the firewall with all the extra peerings that would require. I have attached a diagram showing the intended setup.

 

Could anyone tell me:

1. Is this design conceptually viable? I.e., to forward packets, the routers will l2-rewrite the MAC header to the "next-hop-self" IP corresponding to the remote peer.
2. I guess I would need to open TCP/179 for BGP in the FGT policy, but what about ARP?
3. How difficult is the switch from NAT to Transparent mode? I think I read somewhere that the configuration will be wiped after "set opmode transparent".

     

Thank you for any insight.

Regards

James.
