Allowing BGP messaging between cOS Core interfaces

Last modified on 25 Nov, 2022. Revision 12
Is it possible to allow BGP messages to be sent between two different interfaces on a NetWall firewall?
Up to date for
cOS Core 14.00.xx
Supported since
cOS Core 9.30.xx.
Status OK


Yes, this is possible. BGP uses TCP as its transport protocol on TCP port 179. On connection initiation, BGP peers exchange complete copies of their routing tables between each other, which can be quite large. However, after the complete routing table exchange, only changes (deltas) are then exchanged between the BGP routers. This makes long BGP sessions more efficient than short ones.


In this example suppose we have one BGP server on Ethernet interface If1 and another on interface If2.

In order to allow traffic flow:

  • Create a custom Service object for TCP traffic on port 179. We might give this the name BGP.
  • Create IP policies in the IP rule set for the respective BGP routers that allow traffic flow using the custom service. For this example we have two rule set entries:

A. The source interface and network and destination interface and network needs to correspond to the IP and interface that respective BGP router resides in.
B. Two rules are needed in order to allow traffic to be initiated both from the inside and outside.

By following this example, BGP routers will be able to exchange their routing tables when the routers are located on different interfaces.

Related articles

Setup of a Layer-3 bridge over IPsec in cOS Core
12 Apr, 2023 core proxyarp arp ipsec routing
cOS Core IKEv2 split tunneling with Windows and local user database.
28 Mar, 2023 ikev2 windows vpn routing splittunneling
Problem with auto-created Core routes
22 Mar, 2021 core ipsec routing
Setting up OSPF with IPsec in cOS Core
16 Apr, 2024 core routing ospf ipsec
Using /31 network masks in cOS Core (RFC-3021)
1 Jun, 2022 core routing management
The meaning of the Default_Access_Rule log entry
7 Nov, 2022 core arp log routing
Troubleshooting cOS Core rules/routes with ping simulation
17 Mar, 2023 core routing rules ping icmp cli
Is Statless (FwdFast) faster than a normal IP policy?
27 Jan, 2021 core stateless routing brokenlink
Route failover with IPsec tunnels in cOS Core
13 Feb, 2023 ipsec core routing failover
Public network transparency using cOS Core Proxy ARP instead of subnetting
18 Apr, 2023 core routing transparentmode proxyarp