Running BGP between Cisco routers and the Palo Alto Firewall
- February 16, 2024
- Posted by: Lyfey Technologies
- Category: Networking
When setting up your network composed of Cisco routers and Palo Alto Firewalls, you have multiple options for achieving communication within your AS and also communication with outside networks. You can use static routes or run dynamic routing protocols like OSPF, RIP, and BGP. In our last article, we demonstrated how to configure OSPF between your Cisco routers and the Palo Alto firewall. Check out the lab simulation on OSPF configuration from this link: Configuring OSPF between Cisco routers and Palo Alto Firewalls
In this article, we demonstrate how to configure BGP for inter-zone communication in a network with Cisco routers and Palo Alto Firewalls.
Step 1: Configure system names, IP addresses, and BGP on the routers.
******************************IT-ZONE-R4
enable
configure terminal
hostname IT-ZONE-R4
interface FastEthernet0/0
ip address 10.251.253.10 255.255.255.0
no shutdown
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.251.253.100 remote-as 65000
no auto-summary
!
write******************************HR-ZONE-R2
enable
configure terminal
hostname HR-ZONE-R2
!
interface FastEthernet0/0
ip address 10.251.250.10 255.255.255.0
no shutdown
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.251.250.100 remote-as 65000
no auto-summary
!
write******************************DMZ-ZONE-R3
enable
configure terminal
hostname DMZ-ZONE-R3
interface FastEthernet0/0
ip address 10.251.252.10 255.255.255.0
no shutdown
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.251.252.100 remote-as 65000
no auto-summary
!
write******************************R4_Internet
enable
configure terminal
hostname R4_Internet
!
interface FastEthernet0/0
description TO_PA_FW_01
ip address 178.0.0.10 255.255.255.0
no shutdown
!
router bgp 65501
no synchronization
bgp log-neighbor-changes
network 178.0.0.0 mask 255.255.255.0
neighbor 178.0.0.100 remote-as 65000
no auto-summary
!Step 2: Run Basic configurations on the Firewall
set deviceconfig system hostname PA01
set deviceconfig system type static
set deviceconfig system timezone Africa/Nairob
set deviceconfig system domain lab.local
set deviceconfig system ip-address 192.168.71.130
set deviceconfig system netmask 255.255.255.0
set deviceconfig system default-gateway 192.168.71.128
set deviceconfig system dns-setting servers primary 8.8.8.8
set deviceconfig system dns-setting servers secondary 1.1.1.1Step 3: Configure interfaces on the PaloAlto Firewall
set network interface ethernet ethernet1/1 link-state up
set network interface ethernet ethernet1/1 comment ZONE_DMZ_1
set network interface ethernet ethernet1/1 layer3 interface-management-profile Ping
set network interface ethernet ethernet1/1 layer3 ip 10.251.250.100/24
set network interface ethernet ethernet1/2 comment INSIDE_ZONE
set network interface ethernet ethernet1/2 link-state up
set network interface ethernet ethernet1/2 layer3 interface-management-profile Ping
set network interface ethernet ethernet1/2 layer3 ip 10.251.253.100/24
set network interface ethernet ethernet1/3 comment DMZ_ZONE2
set network interface ethernet ethernet1/3 link-state up
set network interface ethernet ethernet1/3 layer3 interface-management-profile Ping
set network interface ethernet ethernet1/3 layer3 ip 10.251.252.100/24
set network interface ethernet ethernet1/4 layer3 ip 178.0.0.100/24
set network interface ethernet ethernet1/4 layer3 interface-management-profile Ping
set network interface ethernet ethernet1/4 comment OUTSIDE_ZONE
set network interface ethernet ethernet1/4 link-state upStep 4: Configure a Virtual router and assign the interface to the virtual router.
set network virtual-router VR01
set network virtual-router VR01 interface [ ethernet1/1 ethernet1/2 ethernet1/3 ethernet1/4 ]Step 5: Configure your security zones on the Firewall and assign interfaces to respective zones accordingly
set zone OUTSIDE_ZONE network layer3 ethernet1/4
set zone INSIDE_ZONE network layer3 ethernet1/2
set zone DMN_ZONE1 network layer3 ethernet1/1
set zone DMZ_ZONE2 network layer3 ethernet1/3Step 6: Configure a security policy to allow communication between zones. We allow communication among all zones in our lab simulation.
set rulebase security rules Allow_ALL to any
set rulebase security rules Allow_ALL from any
set rulebase security rules Allow_ALL source any
set rulebase security rules Allow_ALL destination any
set rulebase security rules Allow_ALL source-user any
set rulebase security rules Allow_ALL category any
set rulebase security rules Allow_ALL application any
set rulebase security rules Allow_ALL service application-default
set rulebase security rules Allow_ALL hip-profiles any
set rulebase security rules Allow_ALL action allowStep 7: Configure BGP between your Cisco routers and the Palo Alto Firewall.
set network virtual-router VR01 protocol bgp enable yes
set network virtual-router VR01 protocol bgp router-id 100.100.100.100
set network virtual-router VR01 protocol bgp local-as 65000
set network virtual-router VR01 protocol bgp install-route yes
set network virtual-router VR01 protocol bgp peer-group Out-R1 enable yes
set network virtual-router VR01 protocol bgp peer-group Out-R1 peer R4_Internet local-address ip 178.0.0.100/24
set network virtual-router VR01 protocol bgp peer-group Out-R1 peer R4_Internet local-address interface ethernet1/4
set network virtual-router VR01 protocol bgp peer-group Out-R1 peer R4_Internet peer-address ip 178.0.0.10
set network virtual-router VR01 protocol bgp peer-group Out-R1 peer R4_Internet peer-as 65501
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 local-address ip 10.251.250.100/24
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 local-address interface ethernet1/1
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 peer-address ip 10.251.250.10
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 peer-as 65000
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 enable-mp-bgp no
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 address-family-identifier ipv4
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer HR-ZONE-R2 enable yes
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 local-address ip 10.251.253.100/24
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 local-address interface ethernet1/2
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 peer-address ip 10.251.253.10
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 peer-as 65000
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 address-family-identifier ipv4
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer IT-ZONE-R4 enable yes
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer DMZ-ZONE0-R3 local-address ip 10.251.252.100/24
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer DMZ-ZONE0-R3 local-address interface ethernet1/3
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer DMZ-ZONE0-R3 peer-address ip 10.251.252.10
set network virtual-router VR01 protocol bgp peer-group Internal_Peering peer DMZ-ZONE0-R3 peer-as 65000
set network virtual-router VR01 protocol bgp peer-group Internal_Peering enable yesStep 8: Verify your BGP peering is up on the Palo Alto firewall and the routers.
To simulate route learning through BGP on Palo Alto Firewall, we configure a loopback 100 on IT-ZONE-R4 router and advertise it into BGP.
reliable pharmacy rx: Nimotop – australian pharmacy domperidone
sildenafil 20mg prescription cost: buy sildenafil 100mg online – sildenafil online for sale
viagra online from canada generic VGR Sources viagra 200mg uk
https://vgrsources.com/# sildenafil 100mg paypal
buy viagra in usa online: VGR Sources – sildenafil 20 mg online prescription
generic viagra for daily use: VGR Sources – sildenafil uk cheapest
where to buy sildenafil online: VGR Sources – viagrarel.com/
generic viagra online australia VGR Sources viagra cost australia
where can you buy cheap viagra: buy viagra cheap – buy generic viagra online free shipping
viagra 25mg for sale: cheap generic viagra fast delivery – no script viagra
300 mg viagra: VGR Sources – sildenafil online in india
buy sildenafil 100mg online generic viagra in india online over the counter viagra india
https://vgrsources.com/# price for 100mg viagra
where to buy female viagra: VGR Sources – over the counter viagra online
where to buy female viagra in australia: how much is sildenafil in uk – viagra pills without prescription
us pharmacy generic viagra: can you order viagra without a prescription – sildenafil medicine in india
how to buy sildenafil VGR Sources how can i get generic viagra
generic viagra coupon: VGR Sources – sildenafil citrate women
https://vgrsources.com/# buy viagra from india
viagra cream australia: viagra without prescription usa – brand viagra online australia
order viagra online australia female viagra pills online india how to buy viagra in us
sildenafil tablet online india: VGR Sources – viagra 100mg online uk
female viagra in india online purchase: VGR Sources – viagra 100 buy
viagra online order india: VGR Sources – how can i get generic viagra
buy viagra online no script online rx viagra sildenafil 20mg prescription cost
how to get viagra tablets: VGR Sources – buy generic viagra online fast shipping
where to get over the counter viagra: VGR Sources – generic viagra online canadian
sildenafil tablet online india: sildenafil pills sale – sublingual viagra
buy viagra 50mg canadian online pharmacy viagra how to get viagra online
canadian pharmacy real viagra: VGR Sources – generic viagra india online
https://vgrsources.com/# female viagra south africa
sildenafil pills online: VGR Sources – sildenafil for sale usa
viagra for sale online canada: VGR Sources – where can you get viagra uk
cheapest sildenafil india get viagra sildenafil buy cheap
viagra online ordering: can i buy viagra online legally – where to buy viagra in canada safely
how to get viagra pills: VGR Sources – viagra otc
female version of viagra: where to buy viagra with paypal – viagra 50 mg
where can i buy over the counter viagra discount generic viagra india average cost for viagra
sildenafil citrate 100mg tablets: VGR Sources – generic viagra
where to buy female viagra in australia: VGR Sources – purchase viagra online cheap
https://vgrsources.com/# buy sildenafil from india
female viagra nz: viagra substitutes – viagra chewable
cheap viagra india online: VGR Sources – generic viagra 50mg online
cost of viagra generic: VGR Sources – where to get viagra in canada
buy viagra pills online india: VGR Sources – cheap viagra soft tabs
viagra cost in australia sildenafil fast delivery cheap generic viagra online canada
viagra 130 mg: VGR Sources – cheap female viagra
best viagra for sale: VGR Sources – viagra for sale in united states
india viagra: price of sildenafil 100mg – viagra uk pharmacy
https://vgrsources.com/# viagra usa prescription
can i buy generic viagra in canada VGR Sources sildenafil fast shipping
sildenafil price australia: order sildenafil india – viagra canada otc
viagra tablets in india online: VGR Sources – viagra gel in india
viagra prescription nz: female viagra nz – order generic viagra online usa
where to get viagra pills: VGR Sources – viagra 40 mg
viagra chewable: best price for viagra 100 mg – generic viagra online pharmacy canada
how do you get viagra: VGR Sources – viagra online pharmacy canada
https://vgrsources.com/# how to get viagra cheap
generic viagra canada: VGR Sources – female viagra price
viagra sildenafil: VGR Sources – buy viagra over the counter usa
buy viagra online discount VGR Sources 100mg viagra cost
viagra for ladies: VGR Sources – buy viagra levitra
how to get a viagra prescription online: VGR Sources – best price for sildenafil 20 mg
rybelsus natural alternatives: Semaglutide tablets without prescription – Semaglu Pharm
SemagluPharm SemagluPharm Where to buy Semaglutide legally
http://lipipharm.com/# LipiPharm
compare prednisone prices: Predni Pharm – PredniPharm
SemagluPharm: does medicare cover rybelsus – SemagluPharm
crestor cvs: Crestor Pharm – CrestorPharm
Lipi Pharm Lipi Pharm zetia vs lipitor
Semaglu Pharm: rybelsus 14 mg precio farmacia guadalajara – Semaglu Pharm
http://semaglupharm.com/# No prescription diabetes meds online
Lipi Pharm Lipi Pharm atorvastatin 40 mg c3
Crestor Pharm: Crestor Pharm – Online statin therapy without RX
Semaglutide tablets without prescription: SemagluPharm – Online pharmacy Rybelsus
Buy statins online discreet shipping: does rosuvastatin make you sleepy – Crestor home delivery USA
SemagluPharm Affordable Rybelsus price Order Rybelsus discreetly
Semaglu Pharm: Online pharmacy Rybelsus – Semaglu Pharm
what is considered a high-dose of atorvastatin: Generic Lipitor fast delivery – Cheap Lipitor 10mg / 20mg / 40mg
Semaglu Pharm: Semaglu Pharm – Order Rybelsus discreetly
PredniPharm: prednisone 20mg online – Predni Pharm
LipiPharm Lipi Pharm LipiPharm
Lipi Pharm: atorvastatin erectile dysfunction – Cheap Lipitor 10mg / 20mg / 40mg
Where to buy Semaglutide legally: SemagluPharm – Semaglu Pharm
https://crestorpharm.shop/# Crestor home delivery USA
Rybelsus 3mg 7mg 14mg Semaglu Pharm where do you inject semaglutide
Lipi Pharm: LipiPharm – does lipitor affect the liver
alternative to semaglutide: rybelsus costco – Semaglu Pharm
Rybelsus for blood sugar control: Semaglu Pharm – can semaglutide cause pancreatitis
Lipi Pharm п»їBuy Lipitor without prescription USA LipiPharm
Online pharmacy Rybelsus: SemagluPharm – Semaglu Pharm
CrestorPharm: Crestor Pharm – what happens if i stop taking rosuvastatin
LipiPharm: Lipi Pharm – Atorvastatin online pharmacy
https://prednipharm.com/# Predni Pharm
can i buy prednisone online without prescription generic prednisone 10mg PredniPharm
Lipi Pharm: FDA-approved generic statins online – LipiPharm
SemagluPharm: SemagluPharm – SemagluPharm
is crestor a statin: No doctor visit required statins – CrestorPharm
does rybelsus cause yeast infections: Semaglutide tablets without prescription – Semaglu Pharm
Affordable Lipitor alternatives USA: Lipi Pharm – Lipi Pharm
https://prednipharm.com/# Predni Pharm
п»їBuy Lipitor without prescription USA Order cholesterol medication online LipiPharm
Online statin therapy without RX: Buy statins online discreet shipping – Crestor Pharm
rosuvastatin vs simvastatin: Generic Crestor for high cholesterol – Buy cholesterol medicine online cheap
Order Rybelsus discreetly can you take semaglutide while pregnant Rybelsus online pharmacy reviews
buy prednisone canada: Predni Pharm – PredniPharm
compound pharmacy semaglutide: Semaglu Pharm – Semaglu Pharm
https://lipipharm.shop/# LipiPharm
Predni Pharm prednisone 5 mg tablet rx 5 mg prednisone tablets
Predni Pharm: PredniPharm – prednisone ordering online
http://semaglupharm.com/# Safe delivery in the US
Semaglu Pharm Semaglutide tablets without prescription semaglutide + b12 side effects
Crestor Pharm: CrestorPharm – crestor lower back pain
what to avoid when taking crestor: rosuvastatin calcium 5 mg cost – CrestorPharm
https://semaglupharm.com/# rybelsus company
Lipi Pharm LipiPharm lipitor cvs
lipitor price: lipitor vs lovastatin – LipiPharm
https://semaglupharm.com/# rybelsus buy
https://crestorpharm.com/# Crestor Pharm
Discreet shipping for Lipitor Lipi Pharm LipiPharm
Semaglu Pharm: how to get semaglutide online – Semaglu Pharm
Crestor Pharm: CrestorPharm – CrestorPharm
https://semaglupharm.shop/# Semaglu Pharm
Over-the-counter Crestor USA Crestor Pharm Rosuvastatin tablets without doctor approval
prednisone canada prices: Predni Pharm – prednisone 20 mg tablets coupon
https://semaglupharm.shop/# rybelsus commercial 2024
rybelsus indication: SemagluPharm – SemagluPharm
https://crestorpharm.com/# CrestorPharm
https://semaglupharm.shop/# SemagluPharm
prednisone online paypal Predni Pharm PredniPharm
PredniPharm: prednisone 300mg – PredniPharm
http://semaglupharm.com/# icd 10 code for long term use of rybelsus
CrestorPharm what is the most common side effect of rosuvastatin? Generic Crestor for high cholesterol
LipiPharm: lipitor 80 mg used for – Lipi Pharm
generic medication for lipitor: LipiPharm – atorvastatin 20 mg price walmart
https://prednipharm.com/# prednisone price canada
https://semaglupharm.shop/# rybelsus side effects reddit
prednisone 1 mg for sale online prednisone 5mg prednisone without a prescription
rosuvastatin tab 10mg: thuб»‘c crestor 10mg – Crestor Pharm
Crestor home delivery USA: Crestor Pharm – CrestorPharm