Allowing BGP messaging between cOS Core interfaces

Last modified on 25 Nov, 2022. Revision 12
Is it possible to allow BGP messages to be sent between two different interfaces on a NetWall firewall?
Up to date for: cOS Core 14.00.xx
Supported since: cOS Core 9.30.xx
Status: OK


Yes, this is possible. BGP uses TCP as its transport protocol, on TCP port 179. When a connection is initiated, BGP peers exchange complete copies of their routing tables, which can be quite large. After this initial exchange, only changes (deltas) are exchanged between the BGP routers. This makes long BGP sessions more efficient than short ones.


In this example, suppose we have one BGP server on Ethernet interface If1 and another on interface If2.

In order to allow traffic flow:

A. The source interface and network, and the destination interface and network, need to correspond to the interface and IP address where the respective BGP router resides.
B. Two rules are needed so that traffic can be initiated from both the inside and the outside.

By following this example, BGP routers will be able to exchange their routing tables when the routers are located on different interfaces.
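The two rules from points A and B can be checked with a small first-match model. This is an added example, not code from the article or from cOS Core. The peer addresses and rule names are constructed, and the model assumes a rule is only consulted for the packet that opens a TCP connection.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BGP_PORT = 179  # TCP port used by BGP, as stated in the article


@dataclass(frozen=True)
class Rule:
    name: str
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    dst_port: int

    def matches(self, src_if, src_ip, dst_if, dst_ip, dst_port):
        # Every field must match, mirroring point A: interface AND network.
        return (src_if == self.src_if and dst_if == self.dst_if
                and ip_address(src_ip) in ip_network(self.src_net)
                and ip_address(dst_ip) in ip_network(self.dst_net)
                and dst_port == self.dst_port)


def first_match(rules, src_if, src_ip, dst_if, dst_ip, dst_port):
    """Name of the first rule allowing a new connection, or None if dropped."""
    for rule in rules:
        if rule.matches(src_if, src_ip, dst_if, dst_ip, dst_port):
            return rule.name
    return None


# Constructed sample peers (documentation address ranges), not from the article.
PEER_A = ("If1", "192.0.2.10")
PEER_B = ("If2", "198.51.100.10")


def bgp_rules(a=PEER_A, b=PEER_B):
    """Point B: one rule per direction, each pinned to the peers' /32."""
    return [
        Rule("bgp_if1_to_if2", a[0], a[1] + "/32", b[0], b[1] + "/32", BGP_PORT),
        Rule("bgp_if2_to_if1", b[0], b[1] + "/32", a[0], a[1] + "/32", BGP_PORT),
    ]


def open_bgp(rules, initiator, responder):
    """Rule hit when `initiator` opens a BGP session to `responder`."""
    return first_match(rules, *initiator, *responder, BGP_PORT)


if __name__ == "__main__":
    print(open_bgp(bgp_rules(), PEER_A, PEER_B))      # allowed by the first rule
    print(open_bgp(bgp_rules()[:1], PEER_B, PEER_A))  # one rule only: dropped
```

With only one of the two rules in place, a session opened by the other peer matches nothing and is dropped. The same applies to any host other than the two peers and to any port other than 179.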
