Learning default route from BGP

Is it possible for a Firebox to learn a default route from BGP?

We have two sites connected via MPLS using BGP. The main site advertises a default route.

On the remote site Firebox, the MPLS interface is configured as a Trusted interface. There's also a backup Internet connection configured as an External interface. I see the default route advertised over the MPLS circuit in the BGP table, but not in the main routing table. The only default route shown in the main routing table is the backup Internet connection. So instead of routing traffic down the MPLS circuit, it ends up getting sent out the backup Internet connection interface.

The only way to remedy this is to set the MPLS circuit as an External interface and provide the default gateway. However, this makes the default route static. That's a problem because I also want to set up a BOVPN for automatic failover, which requires dynamic routing.

I've looked at these two guides:

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/vpn_failover_from_leased_line_overview_c.html

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/bovpn_vif_metric_failover_c.html

...but the crux of the issue seems to go back to my original question, can the Firebox learn a default route via BGP?

Comments

  • James_Carson Moderator, WatchGuard Representative

    Hi @SteveC
    I believe it should be able to do this. The issue is that if all external interfaces are disabled on the firewall, it will ask for a default route. I believe that static route will override the learned routes in most cases.

    If you haven't done so already, I would suggest creating a support case so that we can take a look at your logs more closely and assist.

    -James Carson
    WatchGuard Customer Support

  • From the original question: Can Firebox learn default route via BGP? Yes. As long as your BGP Peer/s issue the command default-information originate or something like that.
    Now, about static routes overriding the dynamic routes learned by the Firebox: this is true if you use the default metric (1) on static routes. If you work on your metrics correctly, be it static routes or dynamic routes such as BGP (default-metric ), then you will achieve the results you want to have.
