Advanced Routing Engine - BGP: How to configure outbound route filtering using Route-map with Prefix-list

• The information is explained with an example.
• In the network below, Filter out 172.16.17.0/24 to 172.16.31.0/24 being sent out the the ISPs

• Palo Alto Networks Firewalls.
• Supported PAN-OS.
• Advanced Routing Engine.
• BGP Routing configured.
• Route Redistribution.
• Route Filtering.

1. Configure the basic redistribution without any filter:

   1. Use  Advanced Routing Engine - BGP: How to configure route redistribution as a guide.

2. Configure the Prefix list:

   1. To filter the routes that need to be advertised, navigate to Network > Routing > Routing Profiles > Filters > Filters Prefix List > Add, and in this sample we'll use Name: Filter_outbound_172.16

2. Click Add as shown above, and configure the following parameters:
   1. Seq: 10
   2. Action: Permit
   3. Prefix: Network
   4. Network: 172.16.0.0/20
   5. Less Than Or Equal: 24

3. Click OK twice to save

3. Configuring Route Map:

   1. Define the name of the route-map redistribution filter by going to Network > Routing > Routing Profiles > Filters > Filters Route Maps Redistribution > Add > Name, in this sample we'll be using the following parameters:

      1. Name: My_Static_Connect_2_BGP_redist
      2. Source Protocol: Connected Static
      3. Destination Protocol: BGP

2. Assign the Prefix-list to the route-map by clicking Add as highlighted above, and use the following parameters
   1. Entry (tab):
      1. Seq: 10
      2. Description: Filter_outboud_172.16
      3. Action: Permit

2. Match (tab):
   1. Prefix List: Filter_outboud_172.16

3. Click OK to save.
4. Result will be as below

5. Click OK to save

4. Assigning the Route Map to the Redistribution:

   1. Implement the Route map into the Redistribution by navigating to Network > Routing > Routing Profiles > BGP > BGP Redistribution Profiles > My_RP_2_BGP and use the following Parameters:

      1. Static > Route-Map : My_Static_Connect_2_BGP_redist
      2. Connected > Route-Map: My_Static_Connect_2_BGP_redist

2. Click OK then Commit to save.

5. Confirming the results via CLI:

   1. Use the command below to view results

admin@PA-3250-ENT> show advanced-routing bgp peer advertised-routes peer-name ISP1

Status codes:  R removed, d damped, * valid, r ribFailure, S stale, = multipath,
               s suppressed, i internal, > best, h history
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  e egp, i igp, ? incomplete

Peer: ISP1                                                    Logical router: ENT
----------------------------------------------------------------------------------
   Network              Next Hop             Metric LocPrf Weight Path
*> 172.16.0.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.1.0/24        0.0.0.0                   0    100  32768  ?
*> 172.16.2.0/24        0.0.0.0                   0    100  32768  ?
*> 172.16.3.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.4.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.5.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.6.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.7.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.8.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.9.0/24        172.16.1.254             10    100  32768  ?
*> 172.16.10.0/24       172.16.1.254             10    100  32768  ?
*> 172.16.11.0/24       172.16.1.254             10    100  32768  ?
*> 172.16.12.0/24       172.16.1.254             10    100  32768  ?
*> 172.16.13.0/24       172.16.1.254             10    100  32768  ?
*> 172.16.14.0/24       172.16.1.254             10    100  32768  ?
*> 172.16.15.0/24       172.16.1.254             10    100  32768  ?
----------------------------------------------------------------------------------
Total number of prefixes 16

admin@PA-3250-ENT>