How to redistribute GlobalProtect pool to BGP
8090
Created On 02/18/20 07:18 AM - Last Modified 01/05/21 03:05 AM
Objective
* To properly redistribute the appropriate hosts/networks from the GlobalProtect pool to BGP
* Prevent unnecessary redistribution of hosts/networks that aren't part of the GlobalProtect pool to BGP
Environment
* It is a assumed that BGP is already working
* It is a assumed that GlobalProtect is already working
* Networks that have multiple exit/entry points and doesn't use the firewall for default route
Procedure
1. Determine which tunnel interface is the GlobalProtect Gateway using,
Network > GlobalProtect > Gateways > [Determine the appropriate GP-gateway]
In the example below we are using tunnel.123
2. Determine the routes are pointed to the above tunnel, using "show routing route | match tunnel" command, and
take notes of it, as we'll need it for the next steps.
3. Create a Redistribute profile for the announcement of the routes
Network > Virtual Routers > [click on appropriate VR] > Redistribution Profile > Add
4. Apply the newly created Redistribution profile to BGP
Network > Virtual Routers > [click on appropriate VR] > BGP > Redist Rules > Add
Click on the drop down option under Name, and choose the appropriate Redistribution Profile
that was created in Step3, in our example we used GPstatic2BGP
5. Click OK twice and Commit the changes
6. Verify that BGP is now learning the routes
Network > Virtual Routers > More Runtime Stats > BGP > Local RIB