Someone asked me to explain how to use gobgpd with palo alto firewalls based off this previous blog that was posted
http://socpuppet.blogspot.com/2022/03/gogogo-gobpd-for-rtbh-injection.html
PANOS has a few pieces that you need to do
1st you need to setup BGP peer in the VR-instance ( default in my case ) . Make sure to enable the peer and enable installing the routes.
Make sure you check logs and rib table
[global.config]
as = 2
router-id = "0.0.0.2"
port = 179
[[mrt-dump]]
[mrt-dump.config]
# dump-type = "updates"
#file-name = "/home/gobgpd/dump.dump"
# dump-interval = 180
# rotation-interval = 28800
[[neighbors]]
[neighbors.config]
peer-as = 1
# auth-password = "password"
neighbor-address = "198.206.234.255"
local-as = 2
For route injection, we will use the typical gobgp global rib cmd
for p in ` cat ip.list ` ;
#
# ip.list is our ipv4 list of harvest /32 that are to be dropped
#
# this list can be populated from loggers and parsers, outputs from a siems details, or manually created
do gobgp global rib add $p/32 community 1:999 ;
done
We are sending bgp-community 1:999, which the import policy uses to set its local_pref and next-hop to the discard.
NSE ( network security expert) and Route/Switching Engineer