AWS or GCP IPSec Tunnels with BGP routing on a FortiGate software version 6.x

To use BGP routing over an AWS or GCP VPN connection, the tunnel interface needs its IP address assigned with a /32 mask and the remote (peer) IP specified explicitly:

config system interface
    edit "GCP"
        set vdom "root"
        # tunnel inside address, with a /32 (255.255.255.255) mask
        set ip
        set type tunnel
        # the cloud side's tunnel inside address (the BGP neighbor)
        set remote-ip
        set interface "wan1"
    next
end

BGP can be configured in the GUI under Network -> BGP in most cases, but the CLI exposes additional options. Here’s an example config for a local AS of 65000 peering with a neighbor in ASN 64512 and announcing the prefix.

config router bgp
    set as 65000
    # local router ID, usually the tunnel or loopback address
    set router-id
    set keepalive-timer 10
    set holdtime-timer 30
    set scan-time 15
    config neighbor
        # neighbor name is the remote tunnel IP set as remote-ip above
        edit ""
            set remote-as 64512
        next
    end
    config network
        edit 1
            # prefix to announce to the peer
            set prefix
        next
    end
end
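As an added example (not code from the post), a small Python parser for the FortiOS config format plus a consistency check for the pairing described above: the tunnel interface has a /32 ip and a remote-ip, that remote-ip has a BGP neighbor with a remote-as, and holdtime is at least three times keepalive (the usual ratio, assumed here). The sample config and its 169.254.x.x addresses are constructed.

```python
import shlex
# Constructed sample (not from the post): its two stanzas with placeholder 169.254.x.x addresses.
SAMPLE = """
config system interface
    edit "GCP"
        set ip 169.254.10.2 255.255.255.255
        set type tunnel
        set remote-ip 169.254.10.1 255.255.255.255
    next
end
config router bgp
    set as 65000
    set keepalive-timer 10
    set holdtime-timer 30
    config neighbor
        edit "169.254.10.1"
            set remote-as 64512
        next
    end
end
"""
def parse_fortios(text):
    """Parse FortiOS CLI (config/edit/set/next/end) into nested dicts."""
    stack = [{}]  # stack[-1] is the table currently being filled
    lines = (shlex.split(l, comments=True) for l in text.splitlines())
    for tok in filter(None, lines):  # skip blank and comment-only lines
        if tok[0] in ("config", "edit"):  # open a nested table
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):  # close it
            stack.pop()
    return stack[0]

def check_bgp_tunnel(cfg, iface):
    """Findings for the /32 tunnel + BGP neighbor pairing the post describes."""
    findings = []
    intf = cfg.get("system interface", {}).get(iface, {})
    ip, remote = intf.get("ip", []), intf.get("remote-ip", [])
    mask = ip[1] if len(ip) == 2 else ip[0].partition("/")[2] if ip else ""
    if intf.get("type") != ["tunnel"] or mask not in ("255.255.255.255", "32"):
        findings.append(f"{iface}: must be a tunnel interface with a /32 ip")
    bgp = cfg.get("router bgp", {})
    if not remote or "remote-as" not in bgp.get("neighbor", {}).get(remote[0], {}):
        findings.append(f"{iface}: remote-ip missing or has no BGP neighbor")
    keep = int(bgp.get("keepalive-timer", ["60"])[0])  # FortiOS defaults assumed
    hold = int(bgp.get("holdtime-timer", ["180"])[0])
    if hold < 3 * keep:
        findings.append(f"holdtime {hold} is below 3x keepalive {keep}")
    return findings
```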

