Configuring BGP - Gaia Clish (bgp)

Configuring External BGP

Use these commands to configure external sessions of the protocol (between routers in different autonomous systems):

set bgp external remote-as as_number

{on | off}

aspath-prepend-count <1-25 | default>

description "text"

local-address ip_address {on | off}

outdelay <0-65535>

outdelay off

Parameters

Parameter

Description

as_number {on | off}

The autonomous system number of the external peer group. Enter an integer from 1‑65535.

aspath-prepend-count <1-25 | default>

The number of times this router adds to the autonomous system path on external BGP sessions. Use this option to bias the degree of preference some downstream routers have for the routes originated by this router. Some implementations prefer to select paths with shorter autonomous system paths. Default is 1.

description "text"

You can enter a brief text description of the group.

local-address ip_address {on | off}

The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway when the gateway parameter is used. A session with an external peer is opened only when an interface with a local address through which the peer or gateway address is directly reachable is operating.

For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address.

Note - If you run BGP in a cluster, you must not configure the local address.

  • Default: Off

outdelay <0-65535>

The amount of time in seconds that a route must be present in the routing database before it is redistributed to BGP. The configured value applies to all peers configured in this group. This feature dampens route fluctuation. The value zero (0) disables this feature.

  • Default: 0

outdelay off

Disables outdelay.

Configuring BGP Remote Peers

Use these commands to configure BGP peers:

Gaia supports IPv4 and IPv6 addresses for BGP peers.

set bgp external remote-as <as_number> peer

<ip_address> {on | off}

accept-med {on | off}

accept-routes {all | none}

allowas-in-count {0-10 | default}

as-override {on | off}

authtype {none | md5 secret <secret>}

capability {default | ipv4-unicast | ipv6-unicast}

graceful-restart-helper {on | off}

graceful-restart-helper-stalepath-time <seconds>

holdtime {<6-65535> | default}

ignore-first-ashop {on | off}

ip-reachability-detection

check-control-plane-failure

multihop

off

on

keepalive {<2-21845> | default}

log-state-transitions {on | off}

log-warnings {on | off}

med-out {<0-4294967294> | default}

multihop {on | off}

no-aggregator-id {on | off}

outgoing-interface <interface> {on | off}

passive-tcp {on | off}

peer-local-as

dual peering {on | off}

inbound-peer-local {on | off}

outbound-local {on | off}

peer-local-as as {{<1-4294967295> | <0.1-65535.65535>} on | off}

removeprivateas {on | off}

route-refresh {on | off}

send-keepalives {on | off}

send-route-refresh {request | route-update} {ipv4 | ipv6 | all} [unicast]

suppress-default-originate {on | off}

throttle-count {<0-65535> | off}

trace bgp_traceoption {on | off}

ttl {<1-255> | default}

Parameters

Parameter

Description

ip_address {on | off}

A specified peer <ip_address> for the group.

med-out {<0-4294967294> | default}

The multi-exit discriminator (MED) metric used as the primary metric on all routes sent to the specified peer address. This metric overrides the default metric or a metric specified by the redistribute policy. External peers use MED values to decide which of the available entry points into an autonomous system is preferred. A lower MED value is preferred over a higher MED value.

Default: 4294967294

outgoing-interface <interface> {on | off}

IPv6 peer with an FE80: local address only: every peer interface has a link-local address and a global address. All the peer interfaces can have the same link-local address, which starts with FE80:. To use that link-local address as the local address, you must enter the outgoing interface for it.

accept-med {on | off}

Accept MED from the specified peer address. If you do not set this option, the MED is stripped from the advertisement before the update is added to the routing table.

multihop {on | off}

Enable multihop connections with external BGP (EBGP) peers that are not directly connected. By default, external BGP peers are expected to be directly connected. For a multihop session you set the number of hops to the EBGP peer with the Time to Live (TTL) parameter. This option can also be used to set up peers for EBGP load balancing.

Default: Off

peer-local-as as {{<1-4294967295> | <0.1-65535.65535>} on | off}

Configures the connection to a remote peer with a Peer Local ASN, on a per-peer basis. The Peer Local ASN replaces the Local ASN in the BGP session.

peer-local-as {inbound-peer-local | outbound-local | dual peering} {on | off}

Default for inbound-peer-local: On

Default for outbound-local: On

Default for dual-peering: Off

as-override {on | off}

As a rule, to prevent loops in BGP, routers examine the AS number in the AS Path. If a router sees its own AS number in the AS Path of the BGP packet, it drops the packet.

This feature lets the router at the sending end override the peer's AS number with the router's AS number in the outbound AS path. This helps multiple sites in the same AS accept the routes. If the Peer Local AS feature is enabled, the router uses the configured Peer Local AS to override the remote peer's AS number.

Default: Off

allowas-in-count {0-10 | default}

This feature lets the router at the receiving end override the peer's AS number with the router's AS number in the inbound AS path.

This is an inbound property whereas as-override is an outbound property.

  • Range: 0-10
  • Default: 0

ttl {<1-255> | default}

Use the TTL (Time to Live) parameter to limit the number of hops over which the External BGP (EBGP) multihop session is created. You can configure the TTL only if EBGP multihop is enabled. The default TTL is 64. When multihop is disabled the default TTL is 1.

Default: 64

no-aggregator-id {on | off}

Sets the router's aggregator attribute to zero (rather than the router ID value). This option prevents different routers in an AS from creating aggregate routes with different AS paths.

holdtime {<6-65535> | default}

The BGP holdtime interval, in seconds, during the negotiation of a connection with the specified peer. If the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified in the holdtime field of the BGP open message, the BGP connection is closed.

Default: 180 seconds

keepalive {<2-21845> | default}

The keepalive option is an alternative way to enter a holdtime value in seconds during the negotiation of a connection with the specified peer. You can use the keepalive interval instead of the holdtime interval. You can also use both intervals, but the holdtime value must be 3 times the keepalive interval value.

Default: 60 seconds

ignore-first-ashop {on | off}

Ignore the first AS number in the AS path for routes learned from the corresponding peer. Set this option only if you peer with a route server in transparent mode. In transparent mode, the route server redistributes routes from multiple other autonomous systems and does not prepend its own ASN.

send-keepalives {on | off}

The router always sends keepalive messages even when an update message is sufficient. This option lets the router interoperate with other routers that do not strictly follow protocol specifications regarding updates.

send-route-refresh {request | route-update} {ipv4 | ipv6 | all} unicast

The router dynamically requests BGP route updates from peers or responds to requests for BGP route updates.

route-refresh {on | off}

Re-learns routes previously sent by the BGP peer or refreshes the routing table of the peer. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent. A user can also trigger a route update and not wait for a route refresh request from the peer.

accept-routes {all | none}

Sets an inbound BGP route policy if one is not already configured.

Enter all to set accepting routes and install them with an invalid preference. Depending on the local inbound route policy, these routes are then made active or inactive.

Enter none to delete routes learned from a peer. This option saves memory overhead when many routes are rejected because there is no inbound policy.

passive-tcp {on | off}

The router waits for the specified peer to issue an open message. The router does not initiate TCP connections.

removeprivateas {on | off}

Remove private AS numbers from BGP update messages to external peers.

authtype {none | md5 secret <secret>}

Enter none to not use an authentication scheme between peers. If you use an authentication scheme, routing information is accepted only from trusted peers.

Enter md5 to use MD5 authentication between peers. In general, peers must agree on the authentication configuration to and from peer adjacencies. If you use an authentication scheme, routing information is accepted only from trusted peers.

Default: none

throttle-count {<0-65535> | off}

The number of BGP updates to send at one time. This option limits the number of BGP updates when there are many BGP peers. Off disables the throttle count option.

suppress-default-originate {on | off}

Do NOT generate a default route when the peer receives a valid update from its peer.

log-state-transitions {on | off}

The router generates a log message when a peer enters or leaves the established state.

log-warnings {on | off}

The router generates a log message when there is a warning scenario in the codepath.

trace bgp_traceoption {on | off}

Tracing options for the BGP implementation. Log messages are saved in the /var/log/routed.log.* files. See Configuring Trace Options - Gaia Clish.

capability {default | ipv4-unicast | ipv6-unicast}

On each peer, configure the type of routes (Multiprotocol capability) to interchange between peers. Select one of these:

  • IPv4 Unicast Only (the default)
  • IPv6 Unicast Only
  • Both IPv4 and IPv6

To create peering, the routers must share a capability.

graceful-restart-helper {on | off}

Sets the Check Point system to maintain the forwarding state advertised by peer routers even when they restart. This minimizes the negative effects caused by the restart of peer routers.

graceful-restart-helper-stalepath-time <seconds>

The maximal seconds that routes previously received from a restarting router are kept so that they can be revalidated. The timer starts after the peer sends an indication that it recovered.

ip-reachability-detection {off | on | multihop | check-control-plane-failure}

Configure Bidirectional Forwarding Detection (BFD) on each Security Gateway and cluster member that sends or receives BFD packets.

  • off - The default state. Stale routes are purged when the peer goes down.
  • on - Sets the peer to single-hop BFD. Single-hop BFD is for a peer that is one hop away; the peer must be on a directly connected network. Make sure the firewall policy allows UDP port 3784 in both directions.
  • multihop - For a peer that is one or more hops away. Make sure the firewall policy allows UDP port 4784 in both directions. The configuration on both BFD peers must be the same (both configured as multihop or both as single-hop).
  • check-control-plane-failure - Interprets the control plane independent flag (the C bit) received from the remote BFD peer.

    When these two conditions are met at the same time, the gateway keeps stale routes and does not purge them, for graceful restart purposes:

    1. The C-bit received from the peer is zero.
    2. BGP graceful restart is enabled.

Make sure the SmartConsole topology is correct (an incorrect firewall topology can cause Anti-Spoofing to interfere with BFD traffic).
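An added example (not from the original page) that assembles the external group and peer commands above into one hardened EBGP peering; the AS numbers, addresses and secret are documentation placeholders and must be replaced.

```clish
# Added example: external BGP peer with the security-relevant options from this section.
# AS 64496 and 203.0.113.2 are documentation values (RFC 5398 / RFC 5737); replace them.

# 1. Create the external peer group for the neighbor's AS.
set bgp external remote-as 64496 on
set bgp external remote-as 64496 description "Upstream transit (AS 64496)"
# Hold a route for 10 seconds before redistributing it to BGP (dampens flapping).
set bgp external remote-as 64496 outdelay 10

# 2. Create the peer itself.
set bgp external remote-as 64496 peer 203.0.113.2 on

# 3. Authenticate the session: TCP MD5 rejects segments not signed with the shared
#    secret, so an unauthenticated host cannot open or reset the session.
set bgp external remote-as 64496 peer 203.0.113.2 authtype md5 secret REPLACE_WITH_SHARED_SECRET

# 4. Directly connected neighbor: keep multihop off so the ttl stays at its default
#    of 1 and session packets cannot be forwarded beyond the directly connected link.
set bgp external remote-as 64496 peer 203.0.113.2 multihop off

# 5. Timers: the holdtime must be 3 x the keepalive interval.
set bgp external remote-as 64496 peer 203.0.113.2 keepalive 30
set bgp external remote-as 64496 peer 203.0.113.2 holdtime 90

# 6. Do not leak private AS numbers to the external peer.
set bgp external remote-as 64496 peer 203.0.113.2 removeprivateas on

# 7. 'all' installs received routes with an invalid preference; the inbound
#    policy decides which of them become active.
set bgp external remote-as 64496 peer 203.0.113.2 accept-routes all

# 8. Visibility: log every state transition and warning for this peer.
set bgp external remote-as 64496 peer 203.0.113.2 log-state-transitions on
set bgp external remote-as 64496 peer 203.0.113.2 log-warnings on

# 9. Fast failure detection with single-hop BFD. The firewall policy must allow
#    UDP 3784 in both directions and the SmartConsole topology must be correct.
set bgp external remote-as 64496 peer 203.0.113.2 ip-reachability-detection on

# 10. Keep the peer's forwarding state while it restarts, for at most 120 seconds.
set bgp external remote-as 64496 peer 203.0.113.2 graceful-restart-helper on
set bgp external remote-as 64496 peer 203.0.113.2 graceful-restart-helper-stalepath-time 120

save config
```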

Configuring BGP Confederation

Use these commands to configure BGP confederations:

You can configure a BGP confederation in conjunction with external BGP.

set bgp

confederation identifier as_number

confederation identifier off

confederation aspath-loops-permitted <1-10>

confederation aspath-loops-permitted default

routing-domain identifier as_number

routing-domain identifier off

routing-domain aspath-loops-permitted <1-10>

routing-domain aspath-loops-permitted default

synchronization {on | off}

Parameters

Parameter

Description

confederation identifier as_number

Specifies the identifier for the entire confederation. This identifier is used as the autonomous system number in external BGP sessions. Outside the confederation, the confederation id is the autonomous system number of a single, large autonomous system. Thus the confederation id must be a globally unique, typically assigned autonomous system number.

confederation identifier off

Disables the confederation identifier.

confederation aspath-loops-permitted <1-10>

Specifies the number of times the local autonomous system can appear in an autonomous system path for BGP-learned routes. If this number is higher than the number of times the local autonomous system appears in an autonomous system path, the corresponding routes are discarded or rejected.

confederation aspath-loops-permitted default

Specifies a value of 1.

routing-domain identifier as_number

Specifies the routing domain identifier (RDI) for this router. You must specify the RDI if you are using BGP confederations. The RDI does not need to be globally unique since it is used only within the domain of the confederation.

routing-domain identifier off

Disables the routing-domain identifier.

routing-domain aspath-loops-permitted <1-10>

Specifies the number of times the local autonomous system can appear in an autonomous system path for BGP-learned routes. If this number is higher than the number of times the local autonomous system appears in an autonomous system path, the corresponding routes are discarded or rejected.

routing-domain aspath-loops-permitted default

Specifies a value of 1.

synchronization {on | off}

Enables IGP synchronization. Set this option On to cause internal and confederation BGP peers to check for a matching route from IGP protocol before installing a BGP learned route.

Use these commands to configure BGP confederation peers:

Note - The IP address of a peer can be an IPv4 or an IPv6 address.

Syntax:

set bgp confederation member-as <as_id>

[on | off]

description [off | "<description>"]

interface <int> [on | off]

local-address <IP_addr> [off | on]

med [default | <value>]

nexthop-self [off | on]

outdelay [off | <delay>]

peer <IP_addr>

[off | on]

accept-routes [all | none]

authtype [none | md5 secret <passwd>]

capability [ipv4-unicast | ipv6-unicast] [off | on]

graceful-restart [off | on]

graceful-restart-stalepath-time [default | <time>]

holdtime [default | <time>]

ignore-first-ashop [off | on]

keepalive [default | <time>]

local-address <local_IP_addr> [off | on]

log-state-transitions [off | on]

log-warnings [off | on]

no-aggregator-id [off | on]

outgoing-interface <int> [off | on]

passive-tcp [off | on]

peer-type

[none] [off | on]

[reflector-client] [off | on]

[no-client-reflector] [off | on]

ping [off | on]

route-refresh [off | on]

send-keepalives [off | on]

send-route-refresh

request [all | ipv4 | ipv6] unicast

route-update [all | ipv4 | ipv6] unicast

throttle-count [off | <count>]

trace [all | keepalive | open | packets | update | general | normal | policy | route | state | task | timer] [off | on]

weight <weight>

comment "<comment>"

protocol [all | bgp | direct | rip | static | ospf | ospfase]

Parameters

Parameter

Description

[on | off]

Creates (on) or removes (off) a peer group with AS id <as_id>.

description [off | "<description>"]

Sets the peer group description to <description>, or turns off the description (off).

interface <int> [off | on]

Sets a gateway interface (<int>: eth1, eth2, etc.) as the peer group interface, and turns it on or off.

local-address <IP_addr> [off | on]

Sets a peer group with an IP address on the local gateway.

med [default | <value>]

Sets the peer group local Multi-Exit Discriminator. The default is 0.

nexthop-self [off | on]

Sets (on) or removes (off) the local gateway as the default exit gateway for the peer group.

outdelay [off | <delay>]

Sets or removes the out-delay value (in seconds). Set this value to enforce rate limiting.

peer <IP_addr> [off | on]

Creates a peer group with the specified gateway (<IP_addr>).

protocol [all | bgp | direct | rip | static | ospf | ospfase]

Sets an internal peer group protocol.

peer <IP_addr> accept-routes [all | none]

Accepts routes from peers only if there is an inbound BGP route policy. In the absence of a configured import policy for this peer, specify 'all' or 'none' here. The default is 'all'.

  • all - Accepts and installs routes with an invalid preference. Depending on the local BGP inbound policy, the routes can become active or inactive.
  • none - Deletes routes from a peer when no explicit local BGP inbound policy exists. Use this option to save memory overhead when many routes are rejected because there is no local policy. These routes can be re-learned only if you restart the BGP session.

peer <IP_addr> authtype [none | md5 secret <passwd>]

Sets peer authentication between the local gateway and the specified peer gateway (<IP_addr>). You can set it to MD5 and specify the password (<passwd>), or you can turn it off (none).

peer <IP_addr> capability [ipv4-unicast | ipv6-unicast] [off | on]

Configures peer multiprotocol capabilities (ipv4-unicast or ipv6-unicast) with the specified peer (<IP_addr>). Turn these on or off, if necessary.

peer <IP_addr> graceful-restart [off | on]

Turns graceful restart on and off between the local gateway and the specified peer (<IP_addr>).

peer <IP_addr> graceful-restart-stalepath-time [default | <time>]

Sets graceful restart stalepath time (in seconds) with the specified peer (<IP_addr>).


peer <IP_addr> holdtime [default | <time>]

Sets the maximal amount of time (in seconds) that can elapse between messages from the specified peer (<IP_addr>).

peer <IP_addr> ignore-first-ashop [off | on]

Sets the router to ignore the first AS number in the AS_PATH for routes learned from the specified peer. Use this option for a route server peer in so-called transparent mode. The route server is configured to redistribute routes from multiple ASs and does not prepend its own AS number.

peer <IP_addr> keepalive [default | <time>]

Sets the keepalive timer (in seconds) for the specified peer (<IP_addr>).


peer <IP_addr> local-address <local_IP_addr> [off | on]

Sets a local IP address (<local_IP_addr>) for the specified peer (<IP_addr>).

peer <IP_addr> log-state-transitions [off | on]

Turns logging of peer state transitions on or off for the specified peer (<IP_addr>).

peer <IP_addr> log-warnings [off | on]

Turns logging of warnings on or off for the specified peer (<IP_addr>).

peer <IP_addr> no-aggregator-id [off | on]

Sets the specified peer (<IP_addr>) to not aggregate AS routes (on). If set to off, the peer will create aggregate routes.

peer <IP_addr> outgoing-interface <int> [off | on]

Sets a specific outgoing interface (<int>) to the specified peer (<IP_addr>).

peer <IP_addr> passive-tcp [off | on]

Sets peer passive behavior. If on, the gateway does not initiate connections to the specified remote peer (<IP_addr>). The default is off.

peer <IP_addr> peer-type [none | reflector-client | no-client-reflector] [off | on]

Sets the local gateway's peer type in relation to the specified peer (<IP_addr>).


peer <IP_addr> ping [off | on]

Sets ping capability between the local gateway and the specified peer (<IP_addr>). The default is off.


peer <IP_addr> route-refresh [off | on]

Sets route refresh capability between the local gateway and the specified peer (<IP_addr>). The default is off.

peer <IP_addr> send-keepalives [off | on]

Sets the gateway to always send keepalive messages to the specified peer (<IP_addr>). The default is off.

peer <IP_addr> send-route-refresh request [all | ipv4 | ipv6] unicast

Sets the local gateway to request BGP route updates from the specified peer (<IP_addr>).


peer <IP_addr> send-route-refresh route-update [all | ipv4 | ipv6] unicast

Sets the local gateway to respond to requests for BGP route updates from the specified peer (<IP_addr>).


peer <IP_addr> throttle-count [off | <count>]

Sets the maximal number of BGP updates that can be sent at one time to the specified peer (<IP_addr>). The range for the <count> is 0-65535. The default is off.

peer <IP_addr> trace [keepalive | open | packets | update | all | general | normal | policy | route | state | task | timer] [off | on]

Sets the types of packets to trace from the specified peer (<IP_addr>).

peer <IP_addr> weight <weight>

Sets the weight for the specified peer (<IP_addr>). The value range for the <weight> is 0-65535.

peer <IP_addr> comment "<comment>"

Sets a comment associated with the specified peer (<IP_addr>).

Configuring BGP Route Reflection

Use these commands to configure BGP route reflection:

You can configure route reflection as an alternative to BGP confederations. Route reflection supports both internal and external BGP routing groups.

set bgp

internal peer <ip_address> peer-type

none

no-client-reflector

reflector-client

cluster-id {<ip_address> | off}

default-med {<0-65535> | off}

default-route-gateway {<ip_address> | off}

Parameters

Parameter

Description

internal peer <ip_address>
peer-type none

The peer router <ip_address> is not a reflector client of the local router. This is the default.

internal peer <ip_address>
peer-type no-client-reflector

An advanced option.

internal peer <ip_address>
peer-type reflector-client

The peer router <ip_address> is a reflector client of the local router.

cluster-id <ip_address>

The cluster ID used for route reflection. The default cluster ID is the router ID. Override the default if the cluster has more than one route reflector.

cluster-id off

Disable the cluster ID.

default-med <0-65535>

The multi-exit discriminator (MED) metric used to advertise routes through BGP.

default-med off

Disable the specified MED metric.

default-route-gateway <ip_address>

The default route. This route has a higher rank than any configured default static route for this router. If you do not want a BGP peer considered for generating the default route, use the peer <ip_address> suppress-default-originate on command.

default-route-gateway off

Disables the configured default BGP route.

Configuring BGP Route Dampening

Use these commands to configure BGP route dampening:

BGP route dampening maintains a history of flapping routes and prevents advertising these routes. A route is considered to be flapping when it is repeatedly transitioning from available to unavailable or vice versa.

set bgp dampening

{on | off}

suppress-above {<2-32> | default}

reuse-below {<1-32> | default}

max-flap {<3-64> | default}

reachable-decay {<1-900> | default}

unreachable-decay {<1-2700> | default}

keep-history {<2-5400> | default}

Parameters

Note: BGP route dampening is only supported for External BGP (EBGP).

Parameter

Description

{on | off}

Specifies whether to enable or disable BGP route dampening.

suppress-above <2-32>

Specifies the value of the instability metric at which route suppression takes place. While a route is suppressed, it is not installed in the forwarding table or announced, even if it is reachable.

suppress-above default

Specifies an instability metric value for suppressing routes of 3.

reuse-below <1-32>

Specifies the value of the instability metric at which a suppressed route becomes unsuppressed if it is reachable but currently suppressed. The value assigned to the reuse-below metric must be lower than the suppress-above value.

reuse-below default

Specifies an instability metric value for announcing previously suppressed routes of 2.

max-flap <3-64>

Specifies the upper limit of the instability metric. The value must be greater than the suppress-above value plus 1. Each time a route becomes unreachable, 1 is added to the current instability metric.

max-flap default

Specifies the upper limit of the instability metric as 16.

reachable-decay <1-900>

Specifies the time for the instability metric to reach half of its value when the route is reachable. The smaller the value the sooner a suppressed route becomes reusable.

reachable-decay default

Specifies a value of 300.

unreachable-decay <1-2700>

Specifies the time for the instability metric to reach half its value when the route is NOT reachable. The value must be equal to or higher than the reachable-decay value.

unreachable-decay default

Specifies a value of 900.

keep-history <2-5400>

Specifies the period for which route flapping history is maintained for a given route.

keep-history default

Specifies a value of 1800.
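An added example (not from the original page) of a dampening configuration whose values satisfy the constraints listed above, with the resulting behaviour of the instability metric worked through in the comments.

```clish
# Added example: EBGP route dampening with values chosen to satisfy the rules above:
#   reuse-below (2) is lower than suppress-above (4)
#   max-flap (10) is greater than suppress-above + 1 (5)
#   unreachable-decay (600) is equal to or higher than reachable-decay (200)
set bgp dampening on
set bgp dampening suppress-above 4
set bgp dampening reuse-below 2
set bgp dampening max-flap 10
set bgp dampening reachable-decay 200
set bgp dampening unreachable-decay 600
set bgp dampening keep-history 1200
save config

# How the instability metric behaves with these values (worked through by hand):
#  - each transition to unreachable adds 1; four flaps in quick succession reach 4,
#    so the route is suppressed (neither installed nor announced) even when it is up;
#  - while the route is reachable the metric halves every 200 s: 4 -> 2 after 200 s,
#    2 -> 1 after 400 s; once it is below 2 the route is reused;
#  - while the route is unreachable the metric halves only every 600 s;
#  - the metric is capped at 10, so even a route that flapped many times recovers
#    within a bounded time; its flap history is discarded after 1200 s.
```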

Internal BGP Commands

Use these commands to configure internal BGP sessions (between routers within the same autonomous system):

set bgp internal

{on | off}

description "text"

med <0-65535>

med default

outdelay <0-65535>

outdelay off

nexthop-self {on | off}

local-address <ip_address> {on | off}

interface [all | <if_name>] {on | off}

protocol [all | bgp_internal_protocol] {on | off}

graceful-restart-helper {on | off}

graceful-restart-helper-stalepath-time seconds

route-refresh {on | off}

set bgp internal peer <ip_address>

peer_type {on | off}

weight <0-65535>

weight off

no-aggregator-id {on | off}

holdtime <6-65535>

holdtime default

keepalive <2-21845>

keepalive default

ignore-first-ashop {on | off}

send-keepalives {on | off}

send-route-refresh [request | route-update] [ipv4 | ipv6 | all] [unicast]

ip-reachability-detection {on | off | check-control-plane-failure | multihop}

Parameters

Parameter

Description

{on | off}

Enable or disable an internal BGP group.

description "text"

Optional: A brief text description of the group.

med <0-65535>

 

med default

 

outdelay <0-65535>

The amount of time in seconds that a route must be present in the routing database before it is redistributed to BGP. The configured value applies to all peers configured in this group. This feature dampens route fluctuation. The value zero (0) disables this feature.

Default: 0

outdelay off

Disables outdelay.

nexthop-self {on | off}

This router sends one of its own IP addresses as the BGP next hop.

Default: off

local-address ip_address {on | off}

The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway when the gateway parameter is used. A session with an external peer is opened only when an interface with a local address through which the peer or gateway address is directly reachable operates.

For other types of peers, a peer session is maintained when any interface with the specified local address operates. In both cases, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address.

Note - If you run BGP in a cluster, you must not configure the local address.

Default: Off

interface [all | <if_name>] {on | off}

Enable or disable the specified internal peer group on all interfaces or a specific interface.

protocol [all | bgp_internal_protocol] {on | off}

Enable or disable all internal routing protocols on the specified internal peer group or specific internal protocols. You can enter the following specific internal protocols: direct, rip, static, ospf, and ospfase.

peer <ip_address> peer_type {on | off}

An internal peer address and peer type. Enter reflector-client to specify that the local router acts as a route reflector for the group of peers named. That is, the local router is the route reflection server, and the named peers are route reflection clients. Normally, the routing daemon readvertises, or reflects, routes it receives from one of its clients to all other IBGP peers, including the other peers in that client's group.

Enter no-client-reflector to specify that a reflection client's routes are reflected only to internal BGP peers in other groups. Clients in the group are assumed to be direct IBGP peers of each other.

Enter none if you do not want to specify route reflection.

peer <ip_address> weight <0-65535>

The weight associated with the specified peer. BGP implicitly stores any rejected routes by not mentioning them in a route filter. BGP explicitly mentions them within the routing table by using a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which prevents it from being installed in the forwarding table or exported to other protocols. This eliminates the need to break and reestablish a session upon reconfiguration if import route policy is changed.

peer <ip_address> weight off

Disables the weight associated with the specified peer.

peer <ip_address> no-aggregator-id {on | off}

The router’s aggregate attribute as zero (rather than the router ID value). This option prevents different routers in an AS from creating aggregate routes with different AS paths.

Default: off

peer <ip_address> holdtime <6-65535>

The BGP holdtime interval, in seconds, when negotiating a connection with the specified peer. If the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified in the holdtime field of the BGP open message, the BGP connection is closed.

peer <ip_address> holdtime default

A holdtime of 180 seconds.

peer <ip_address> keepalive <2-21845>

The keepalive option is an alternative way to specify a holdtime value in seconds when negotiating a connection with the specified peer. You can use the keepalive interval instead of the holdtime interval. You can also use both intervals, but the holdtime value must be 3 times the keepalive interval value.

peer <ip_address> keepalive default

A keepalive interval of 60 seconds.

peer <ip_address> ignore-first-ashop {on | off}

Ignore the first autonomous system number in the autonomous system path for routes learned from the corresponding peer. Set this option only if you are peering with a route server in transparent mode, that is, when the route server is configured to redistribute routes from multiple other autonomous systems without prepending its own autonomous system number.

peer <ip_address> send-keepalives {on | off}

This router always sends keepalive messages even when an update message is sufficient. This option allows interoperability with routers that do not strictly adhere to protocol specifications regarding update.

send-route-refresh [request | route-update] [ipv4 | ipv6 | all] [unicast]

The router dynamically requests BGP route updates from peers or responds to requests for BGP route updates.

peer <ip_address> accept-routes all

An inbound BGP policy route if one is not already configured. Enter all to specify accepting routes and installing them with an invalid preference. Depending on the local inbound route policy, these routes are then made active or inactive.

peer <ip_address> accept-routes none

An inbound BGP policy route if one is not already configured. Enter none to specify deleting routes learned from a peer. This option saves memory overhead when many routes are rejected because no inbound policy exists.

peer <ip_address> passive-tcp {on | off}

The router waits for the specified peer to issue an open message. No TCP connections are initiated by the router.

Default: off

peer <ip_address> authtype none

Do not use an authentication scheme between peers. Using an authentication scheme guarantees that routing information is accepted only from trusted peers.

peer <ip_address> authtype md5 secret <secret>

Use MD5 authentication between peers. In general, both peers must agree on the authentication configuration for the adjacency to come up in either direction. Using an authentication scheme guarantees that routing information is accepted only from trusted peers.

peer <ip_address> throttle-count <0-65535>

The number of BGP updates to send at one time. The throttle count option limits the number of BGP updates when there are many BGP peers.

peer <ip_address> throttle-count off

Disables the throttle count option.

peer <ip_address> log-state-transitions {on | off}

The router generates a log message whenever a peer enters or leaves the established state.

peer <ip_address> log-warnings {on | off}

The router generates a log message whenever a warning scenario is encountered in the codepath.

peer <ip_address> trace bgp_traceoption {on | off}

Tracing options for the BGP implementation. Log messages are saved in the /var/log/routed.log.* files. See Configuring Trace Options - Gaia Clish.

graceful-restart-helper {on | off}

Whether the Check Point system maintains the forwarding state advertised by peer routers while they restart, to minimize the negative effects caused by peer routers restarting.

graceful-restart-helper-stalepath-time <seconds>

The maximum amount of time that routes previously received from a restarting router are kept so that they can be revalidated. The timer is started after the peer sends an indication that it has recovered.

route-refresh {on | off}

Re-learns routes previously sent by the BGP peer or refreshes the routing table of the peer. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent. A user can also trigger a route update without having to wait for a route refresh request from the peer.

ip-reachability-detection {on | off | multihop | check-control-plane-failure}

Configure Bidirectional Forwarding Detection (BFD) on each Security Gateway and cluster member that sends or receives BFD packets.

  • off - The default state. Stale routes are purged when the peer goes down.
  • on - Sets the peer to singlehop BFD. Singlehop BFD is for a peer that is one hop away. The peer must be on a directly connected network. Make sure the firewall policy allows UDP port 3784 in both directions.
  • multihop - For a peer that is one or more hops away. Make sure the firewall policy allows UDP port 4784 in both directions. The configuration on both BFD peers must be the same (both configured as multihop or both as singlehop).
  • check-control-plane-failure - Interprets the control plane independent flag (the C bit) received from the remote BFD peer.

    When these two conditions are met at the same time, the gateway keeps stale routes and does not purge them, for graceful restart purposes:

    1. The C-bit received from the peer is zero.
    2. BGP graceful restart is enabled.

Make sure the SmartConsole topology is correct (issues with incorrect firewall topology can cause anti-spoofing to interfere with BFD traffic).
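The per-peer settings above (holdtime/keepalive, MD5 authentication, state-transition and warning logging, and BFD with its firewall ports) can be generated and sanity-checked before they are typed into Clish. The following is an added example, not Check Point code: it builds the peer's command list from the set bgp external remote-as ... peer ... syntax on this page and rejects timers or BFD settings that break the rules the page states; the AS number, addresses and secret in the usage are constructed sample values.

```python
"""Added example (not Check Point's code): emit a hardened Gaia Clish external-peer
configuration from the commands on this page, after checking the page's stated rules
(keepalive 2-21845, holdtime 3 times the keepalive, MD5 authentication, BFD ports)."""
import ipaddress

# UDP port the firewall policy must allow in both directions, per BFD mode (from the page).
BFD_UDP_PORT = {"on": 3784, "multihop": 4784}


def timer_problems(holdtime, keepalive):
    """Return a list of rule violations; empty when the timers are acceptable."""
    problems = []
    if not 2 <= keepalive <= 21845:
        problems.append("keepalive must be 2-21845 seconds")
    if holdtime != 3 * keepalive:
        problems.append("holdtime must be 3 times the keepalive interval")
    return problems


def bfd_udp_port(mode):
    """UDP port to open for ip-reachability-detection 'on' (singlehop) or 'multihop'."""
    if mode not in BFD_UDP_PORT:
        raise ValueError("BFD mode must be 'on' or 'multihop'")
    return BFD_UDP_PORT[mode]


def build_peer_config(remote_as, peer_ip, md5_secret, holdtime=180, keepalive=60,
                      bfd=None, bfd_local_address=None):
    """Return the ordered Clish commands for one external peer.

    bfd is None, "on" (singlehop) or "multihop" (needs bfd_local_address).
    The timer defaults are the page's defaults (holdtime 180, keepalive 60).
    """
    ipaddress.ip_address(peer_ip)  # raises ValueError on a malformed address
    if not md5_secret or any(c.isspace() for c in md5_secret):
        raise ValueError("MD5 secret must be non-empty and contain no whitespace")
    problems = timer_problems(holdtime, keepalive)
    if problems:
        raise ValueError("; ".join(problems))
    prefix = f"set bgp external remote-as {remote_as} peer {peer_ip}"
    cmds = [
        f"{prefix} on",
        f"{prefix} authtype md5 secret {md5_secret}",  # routes only from trusted peers
        f"{prefix} holdtime {holdtime}",
        f"{prefix} keepalive {keepalive}",
        f"{prefix} log-state-transitions on",  # log entering/leaving Established
        f"{prefix} log-warnings on",
    ]
    if bfd == "on":
        cmds.append(f"{prefix} ip-reachability-detection on")
    elif bfd == "multihop":
        if bfd_local_address is None:
            raise ValueError("multihop BFD requires bfd_local_address")
        ipaddress.ip_address(bfd_local_address)
        cmds.append(f"{prefix} ip-reachability-detection multihop "
                    f"local-address {bfd_local_address}")
    elif bfd is not None:
        raise ValueError("bfd must be None, 'on' or 'multihop'")
    return cmds
```

Calling build_peer_config(65001, "192.0.2.1", "REPLACE-ME", bfd="on") returns the seven commands for a singlehop-BFD peer, and bfd_udp_port("on") gives the UDP port (3784) the firewall policy must allow in both directions.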

Configuring BGP Communities

Use this command to configure BGP communities:

A BGP community is a group of destinations that share the same property. However, a community is not restricted to one network or autonomous system. Use communities to simplify the BGP inbound and route redistribution policies. Use the BGP communities commands together with inbound policy and route redistribution.

set bgp communities {on | off}

Parameters

Parameter

Description

on

Enable BGP policy options based on communities.

off

Disable BGP policy options based on communities.

Monitoring BGP (show bgp)

Use these commands to monitor and troubleshoot your BGP implementation:

show bgp

groups

memory

errors

paths

stats

peer <ip_address>

advertise

detailed

received

peers

advertise

detailed

established

received

summary

show ipv6 route bgp

all

aspath

communities

detailed

metrics

suppressed

BGP commands summary

SET commands for IPv4:

Note - Enter set bgp [Esc][Esc].

set bgp cluster-id VALUE

set bgp communities VALUE

set bgp confederation aspath-loops-permitted VALUE

set bgp confederation identifier VALUE

set bgp confederation member-as VALUE description VALUE

set bgp confederation member-as VALUE interface VALUE off

set bgp confederation member-as VALUE interface VALUE on

set bgp confederation member-as VALUE local-address VALUE off

set bgp confederation member-as VALUE local-address VALUE on

set bgp confederation member-as VALUE med VALUE

set bgp confederation member-as VALUE nexthop-self VALUE

set bgp confederation member-as VALUE off

set bgp confederation member-as VALUE on

set bgp confederation member-as VALUE outdelay VALUE

set bgp confederation member-as VALUE peer VALUE [ comment VALUE ]

set bgp confederation member-as VALUE peer VALUE [ peer-type VALUE ] on

set bgp confederation member-as VALUE peer VALUE accept-routes VALUE

set bgp confederation member-as VALUE peer VALUE authtype md5 secret VALUE

set bgp confederation member-as VALUE peer VALUE authtype none

set bgp confederation member-as VALUE peer VALUE capability default

set bgp confederation member-as VALUE peer VALUE capability ipv4-unicast VALUE

set bgp confederation member-as VALUE peer VALUE capability ipv6-unicast VALUE

set bgp confederation member-as VALUE peer VALUE graceful-restart off

set bgp confederation member-as VALUE peer VALUE graceful-restart on

set bgp confederation member-as VALUE peer VALUE graceful-restart-stalepath-time VALUE default

set bgp confederation member-as VALUE peer VALUE holdtime VALUE

set bgp confederation member-as VALUE peer VALUE ignore-first-ashop VALUE

set bgp confederation member-as VALUE peer VALUE keepalive VALUE

set bgp confederation member-as VALUE peer VALUE local-address VALUE off

set bgp confederation member-as VALUE peer VALUE local-address VALUE on

set bgp confederation member-as VALUE peer VALUE log-state-transitions VALUE

set bgp confederation member-as VALUE peer VALUE log-warnings VALUE

set bgp confederation member-as VALUE peer VALUE no-aggregator-id VALUE

set bgp confederation member-as VALUE peer VALUE off

set bgp confederation member-as VALUE peer VALUE on

set bgp confederation member-as VALUE peer VALUE outgoing-interface VALUE [ peer-type VALUE ] on

set bgp confederation member-as VALUE peer VALUE passive-tcp VALUE

set bgp confederation member-as VALUE peer VALUE ping VALUE

set bgp confederation member-as VALUE peer VALUE route-refresh off

set bgp confederation member-as VALUE peer VALUE route-refresh on

set bgp confederation member-as VALUE peer VALUE send-keepalives VALUE

set bgp confederation member-as VALUE peer VALUE send-route-refresh request all unicast

set bgp confederation member-as VALUE peer VALUE send-route-refresh request ipv4 unicast

set bgp confederation member-as VALUE peer VALUE send-route-refresh request ipv6 unicast

set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update all unicast

set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update ipv4 unicast

set bgp confederation member-as VALUE peer VALUE send-route-refresh route-update ipv6 unicast

set bgp confederation member-as VALUE peer VALUE throttle-count VALUE

set bgp confederation member-as VALUE peer VALUE trace VALUE off

set bgp confederation member-as VALUE peer VALUE trace VALUE on

set bgp confederation member-as VALUE peer VALUE weight VALUE

set bgp confederation member-as VALUE protocol VALUE off

set bgp confederation member-as VALUE protocol VALUE on

set bgp dampening keep-history VALUE

set bgp dampening max-flap VALUE

set bgp dampening off

set bgp dampening on

set bgp dampening reachable-decay VALUE

set bgp dampening reuse-below VALUE

set bgp dampening suppress-above VALUE

set bgp dampening unreachable-decay VALUE

set bgp default-med VALUE

set bgp default-route-gateway VALUE

set bgp ecmp VALUE

set bgp external remote-as VALUE description VALUE

set bgp external remote-as VALUE export-routemap VALUE off

set bgp external remote-as VALUE export-routemap VALUE preference VALUE [ family VALUE ] on

set bgp external remote-as VALUE import-routemap VALUE off

set bgp external remote-as VALUE import-routemap VALUE preference VALUE [ family VALUE ] on

set bgp external remote-as VALUE local-address VALUE off

set bgp external remote-as VALUE local-address VALUE on

set bgp external remote-as VALUE off

set bgp external remote-as VALUE on

set bgp external remote-as VALUE outdelay VALUE

set bgp external remote-as VALUE peer VALUE [ comment VALUE ]

set bgp external remote-as VALUE peer VALUE accept-med VALUE

set bgp external remote-as VALUE peer VALUE accept-routes VALUE

set bgp external remote-as VALUE peer VALUE allowas-in-count VALUE

set bgp external remote-as VALUE peer VALUE as-override VALUE

set bgp external remote-as VALUE peer VALUE aspath-prepend-count VALUE

set bgp external remote-as VALUE peer VALUE authtype md5 secret VALUE

set bgp external remote-as VALUE peer VALUE authtype none

set bgp external remote-as VALUE peer VALUE capability default

set bgp external remote-as VALUE peer VALUE capability ipv4-unicast VALUE

set bgp external remote-as VALUE peer VALUE capability ipv6-unicast VALUE

set bgp external remote-as VALUE peer VALUE export-routemap VALUE off

set bgp external remote-as VALUE peer VALUE export-routemap VALUE preference VALUE [ family VALUE ] on

set bgp external remote-as VALUE peer VALUE graceful-restart off

set bgp external remote-as VALUE peer VALUE graceful-restart on

set bgp external remote-as VALUE peer VALUE graceful-restart-stalepath-time VALUE default

set bgp external remote-as VALUE peer VALUE holdtime VALUE

set bgp external remote-as VALUE peer VALUE ignore-first-ashop VALUE

set bgp external remote-as VALUE peer VALUE import-routemap VALUE off

set bgp external remote-as VALUE peer VALUE import-routemap VALUE preference VALUE [ family VALUE ] on

set bgp external remote-as VALUE peer VALUE ip-reachability-detection check-control-plane-failure off

set bgp external remote-as VALUE peer VALUE ip-reachability-detection check-control-plane-failure on

set bgp external remote-as VALUE peer VALUE ip-reachability-detection multihop local-address VALUE

set bgp external remote-as VALUE peer VALUE ip-reachability-detection off

set bgp external remote-as VALUE peer VALUE ip-reachability-detection on

set bgp external remote-as VALUE peer VALUE keepalive VALUE

set bgp external remote-as VALUE peer VALUE local-address VALUE off

set bgp external remote-as VALUE peer VALUE local-address VALUE on

set bgp external remote-as VALUE peer VALUE log-state-transitions VALUE

set bgp external remote-as VALUE peer VALUE log-warnings VALUE

set bgp external remote-as VALUE peer VALUE med-out VALUE

set bgp external remote-as VALUE peer VALUE multihop VALUE

set bgp external remote-as VALUE peer VALUE no-aggregator-id VALUE

set bgp external remote-as VALUE peer VALUE off

set bgp external remote-as VALUE peer VALUE on

set bgp external remote-as VALUE peer VALUE outgoing-interface VALUE on

set bgp external remote-as VALUE peer VALUE passive-tcp VALUE

set bgp external remote-as VALUE peer VALUE peer-local-as as VALUE on

set bgp external remote-as VALUE peer VALUE peer-local-as dual-peering VALUE

set bgp external remote-as VALUE peer VALUE peer-local-as inbound-peer-local VALUE

set bgp external remote-as VALUE peer VALUE peer-local-as off

set bgp external remote-as VALUE peer VALUE peer-local-as outbound-local VALUE

set bgp external remote-as VALUE peer VALUE ping VALUE

set bgp external remote-as VALUE peer VALUE removeprivateas VALUE

set bgp external remote-as VALUE peer VALUE route-refresh off

set bgp external remote-as VALUE peer VALUE route-refresh on

set bgp external remote-as VALUE peer VALUE send-keepalives VALUE

set bgp external remote-as VALUE peer VALUE send-route-refresh request all unicast

set bgp external remote-as VALUE peer VALUE send-route-refresh request ipv4 unicast

set bgp external remote-as VALUE peer VALUE send-route-refresh request ipv6 unicast

set bgp external remote-as VALUE peer VALUE send-route-refresh route-update all unicast

set bgp external remote-as VALUE peer VALUE send-route-refresh route-update ipv4 unicast

set bgp external remote-as VALUE peer VALUE send-route-refresh route-update ipv6 unicast

set bgp external remote-as VALUE peer VALUE suppress-default-originate VALUE

set bgp external remote-as VALUE peer VALUE throttle-count VALUE

set bgp external remote-as VALUE peer VALUE trace VALUE off

set bgp external remote-as VALUE peer VALUE trace VALUE on

set bgp external remote-as VALUE peer VALUE ttl VALUE

set bgp graceful-restart restart-time VALUE default

set bgp graceful-restart selection-deferral-time VALUE default

set bgp internal description VALUE

set bgp internal export-routemap VALUE off

set bgp internal export-routemap VALUE preference VALUE [ family VALUE ] on

set bgp internal import-routemap VALUE off

set bgp internal import-routemap VALUE preference VALUE [ family VALUE ] on

set bgp internal interface VALUE off

set bgp internal interface VALUE on

set bgp internal local-address VALUE off

set bgp internal local-address VALUE on

set bgp internal med VALUE

set bgp internal nexthop-self VALUE

set bgp internal off

set bgp internal on

set bgp internal outdelay VALUE

set bgp internal peer VALUE [ comment VALUE ]

set bgp internal peer VALUE [ peer-type VALUE ] on

set bgp internal peer VALUE accept-routes VALUE

set bgp internal peer VALUE authtype md5 secret VALUE

set bgp internal peer VALUE authtype none

set bgp internal peer VALUE capability default

set bgp internal peer VALUE capability ipv4-unicast VALUE

set bgp internal peer VALUE capability ipv6-unicast VALUE

set bgp internal peer VALUE graceful-restart off

set bgp internal peer VALUE graceful-restart on

set bgp internal peer VALUE graceful-restart-stalepath-time VALUE default

set bgp internal peer VALUE holdtime VALUE

set bgp internal peer VALUE ignore-first-ashop VALUE

set bgp internal peer VALUE import-routemap VALUE off

set bgp internal peer VALUE import-routemap VALUE preference VALUE [ family VALUE ] on

set bgp internal peer VALUE ip-reachability-detection check-control-plane-failure off

set bgp internal peer VALUE ip-reachability-detection check-control-plane-failure on

set bgp internal peer VALUE ip-reachability-detection multihop local-address VALUE

set bgp internal peer VALUE ip-reachability-detection off

set bgp internal peer VALUE ip-reachability-detection on

set bgp internal peer VALUE keepalive VALUE

set bgp internal peer VALUE local-address VALUE off

set bgp internal peer VALUE local-address VALUE on

set bgp internal peer VALUE log-state-transitions VALUE

set bgp internal peer VALUE log-warnings VALUE

set bgp internal peer VALUE no-aggregator-id VALUE

set bgp internal peer VALUE off

set bgp internal peer VALUE outgoing-interface VALUE [ peer-type VALUE ] on

set bgp internal peer VALUE passive-tcp VALUE

set bgp internal peer VALUE ping VALUE

set bgp internal peer VALUE route-refresh off

set bgp internal peer VALUE route-refresh on

set bgp internal peer VALUE send-keepalives VALUE

set bgp internal peer VALUE send-route-refresh request all unicast

set bgp internal peer VALUE send-route-refresh request ipv4 unicast

set bgp internal peer VALUE send-route-refresh request ipv6 unicast

set bgp internal peer VALUE send-route-refresh route-update all unicast

set bgp internal peer VALUE send-route-refresh route-update ipv4 unicast

set bgp internal peer VALUE send-route-refresh route-update ipv6 unicast

set bgp internal peer VALUE suppress-default-originate VALUE

set bgp internal peer VALUE throttle-count VALUE

set bgp internal peer VALUE trace VALUE off

set bgp internal peer VALUE trace VALUE on

set bgp internal peer VALUE weight VALUE

set bgp internal protocol VALUE off

set bgp internal protocol VALUE on

set bgp ping count VALUE

set bgp ping interval VALUE

set bgp routing-domain aspath-loops-permitted VALUE

set bgp routing-domain identifier VALUE

set bgp synchronization VALUE

SHOW commands for IPv4:

Note - Enter show bgp [Esc][Esc].

show bgp errors

show bgp groups

show bgp memory

show bgp paths

show bgp peer VALUE advertise

show bgp peer VALUE detailed

show bgp peer VALUE received

show bgp peers

show bgp peers advertise

show bgp peers detailed

show bgp peers established

show bgp peers received

show bgp routemap

show bgp stats

show bgp summary