Blocking BGP traffic

SonicAdmin80 · March 2022

I have set up a VPN tunnel to Azure that uses BGP for routing. I noticed that there is BGP traffic on the WAN interfaces as well, not just the VPN tunnel.

Is this a security risk and if so, how to block it and allow BGP over the VPN tunnel only?

MitatOnge · March 2022

did you try below document and you will see under the page.

NOTE: Please disable exclude from route advertisement (NSM,OSPF,BGP,RIP) under Network | Interfaces | WAN.

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-a-bgp-route-based-vpn-between-a-sonicwall-firewall-and-azure/191118225907799/

SonicAdmin80 · March 2022

Yes that was the guide I followed plus I added BGP neighbors following a different article.

Exclude from route advertisement is unchecked as that's how I understood the instruction. Should I enable it instead?

MitatOnge · April 2022

https://community.sonicwall.com/technology-and-support/discussion/comment/14278#Comment_14278

in my opinion, if you dont use or wont use BGP on the wan interface. you should disable it. otherwise will be open bgp ports and somebody can take attack to ports.

SonicAdmin80 · April 2022

That's what I'm thinking as well so the KB article is a bit confusing, perhaps erroneous.

Join the Conversation

Blocking BGP traffic

Answers