SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

BGP filtering by Community

Allow a BGP Route Map match a community.

BGP communities are simply values attached to a route that is sent to BGP peers. This values have special meanings to the peers and cause specific actions to be taken, depending upon the values assigned. A customer who is multi-homed to a service provider can often use communities to tell the service provider how to route traffic to the customer autonomous system (AS).

"A community is a group of destinations which share some common property. Each autonomous system administrator may define which communities a destination belongs to. By default, all destinations belong to the general Internet community." (http://tools.ietf.org/html/rfc1997)

5 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Marcos MachadoMarcos Machado shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Kennis KoldewynKennis Koldewyn commented  ·   ·  Flag as inappropriate

        It's not just data centers and ISPs that could use this functionality. I'm working at a small business using the Sophos UTM, and we would like to take advantage of the Spamhaus BGP feed of three of its blocklists: the Botnet Controller List (BCL), and the DROP (Don't Route or Peer) and EDROP (Extended DROP) lists, which consist of netblocks that are hijacked or leased by professional spam or cyber-crime operations. See http://www.spamhaus.org/faq/section/BGPf%20FAQ for details. The Spamhaus BGP feed uses communities as categories (to my rather vague understanding) for the three lists, so without support of the BGP community feature, it appears that we can't make use of the Spamhaus feeds. This use of BGP might be worthwhile for a lot of businesses!

      • Anonymous commented  ·   ·  Flag as inappropriate

        the BGP in SOPHOS UTM is very good, but need same features with communities and blackhole, this is very important features for secure in BGP.

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.