In this blog, we will explore the process of configuring IBGP between a Palo Alto firewall and router R1, as well as EBGP with router R2.
We will follow the topology below to set up these routing protocols and test connectivity.
The following configuration has already been applied on Router R1.
The configuration below has already been completed on Router R2.
Now, I will configure the Palo Alto firewall. Please follow the steps below:
I have created two simple zones: one for LAN and one for WAN.
I have created a virtual router named VR01, which is required for the interface configuration.
I have created a management interface and enabled PING access to it, as it is necessary to allow PING.
"Navigate to the Interface section and click on Ethernet 1/1. Perform the basic configuration by selecting the interface type as Layer-3, and then choose the virtual router and zone from the dropdown that we created earlier.
Next, assign an IPv4 address to the interface.
Repeat the same steps for the Ethernet 1/2 interface, and then commit the changes. I can now confirm that the interface on the Palo Alto firewall is showing as UP.
I can now successfully ping the neighbor IPs from the router.
Next, let's configure BGP on the Palo Alto firewall.
Navigate to Network > Virtual Router and click on the virtual router name (VR01 in our example).
Click on 'Enable,' then assign a router ID and AS number to the firewall, as shown in the image below.
Click on the Peer Group option to configure the neighbors. Assign a name to the peer group and select the BGP type from the dropdown (I have selected IBGP).
Click the 'Add' button to add the peer, then enter the peer AS number and select the connected interface and IP address from the dropdown. Enter the neighbor's IP as shown in the image below. Finally, commit the changes.
The BGP session is now UP on both Router R1 and Router R2.
Click on 'More Runtime Stats' on the firewall to check the BGP status. The state is shown as 'Established' on the firewall as well. See the image below for reference.
With BGP successfully configured and the session established, your Palo Alto firewall is now fully integrated into the network. I hope this guide has helped you in setting up and configuring BGP on your firewall.
Thank You