4 Byte AS Number Support for BGP

I am configuring BGP on a Sophos XG Firewall (18.5.2 MR-2-Build380). 

Our ISP has assigned a 4 Byte AS Number.  For the purpose of this discussion, let's say it's 4000012345  (Binary: 1110 1110 0110 1011 0101 1000 0011 1001 )

The issue I'm having is that when I enter this AS number (or any AS number upward of 2147483648) into the BGP configuration as a local-as, the XG always changes the AS number to 2147483647 (Binary: 0111 1111 1111 1111 1111 1111 1111 1111)

eg.  # neighbor x.x.x.x local-as 4000012345

# do show run

The command is shown in the config as:

neighbor x.x.x.x local-as 2147483647

So it appears that the AS number variable has been declared as a signed 32 bit integer when it should be an unsigned 32 bit integer.  This is causing the XG unit to effectively only support 31 bit AS numbers, as the 32nd bit is interpreted as a negation bit.  Any AS number greater than 2147483648 is reduced to the maximum value that can be expressed with only 31 bits: 2147483647.

As an experiment, I tried entering the equivalent signed 32 bit integer value as a negative number to see if it would be accepted, but this did not work.  I would still be wary of it even if it did.

Any chance of a new firmware or hot-fix to address this issue?  I'm aware that 18.5.2 MR-3 is available but I don't see anything about the issue above in the release notes, so I assume it has not been addressed. 
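The signed-versus-unsigned storage behaviour suspected in the post above, as an added example (not Sophos code and not written by the original poster): `parse_asn_signed` is a hypothetical model that reproduces the reported change to 2147483647, and `parse_asn_u32` is one way to accept the full 4-byte AS number range and reject bad input instead of silently altering it. All function names and sample values are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the reported behaviour: the value lands in a
 * signed 32-bit variable and saturates at INT32_MAX. */
int32_t parse_asn_signed(const char *s)
{
    long long v = strtoll(s, NULL, 10);
    if (v > INT32_MAX) return INT32_MAX;    /* 4000012345 -> 2147483647 */
    if (v < INT32_MIN) return INT32_MIN;
    return (int32_t)v;
}

/* Strict parser for the 4-byte AS number range 0..4294967295 (RFC 6793).
 * Returns 0 and writes *out on success, -1 on any malformed input. */
int parse_asn_u32(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9')  /* rejects "", "-1", "+1", " 1" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return -1;                          /* reject, never clamp silently */
    *out = (uint32_t)v;
    return 0;
}

/* Convenience wrapper: the parsed AS number, or -1 if it was rejected. */
long long asn_or_reject(const char *s)
{
    uint32_t v;
    return parse_asn_u32(s, &v) == 0 ? (long long)v : -1;
}

int main(void)
{
    /* Constructed inputs: the AS numbers from the post plus boundary cases. */
    const char *samples[] = { "65001", "2147483647", "2147483648",
                              "4000012345", "4294967296", "-294954951" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s signed=%-11d strict=%lld\n", samples[i],
               (int)parse_asn_signed(samples[i]), asn_or_reject(samples[i]));
    return 0;
}
```

A configuration parser that clamps instead of rejecting leaves a running config that differs from what the operator typed, so comparing the entered value against `show run` output, as the poster did, is the check that exposes it.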



  • I have managed to implement a work-around for this issue.

    Fortunately, our other AS number is a local legacy 16bit AS number, so I have swapped the AS numbers between the BGP instance and the local-as directive.

    eg. 
    Original config:
    router bgp 65001
       ...
       neighbor x.x.x.x local-as 4000012345   <This does not work>
       ...

    Work-around config:
    router bgp 4000012345   <This works>
       ...
       neighbor x.x.x.x local-as 65001
       ...

    Note that we're only able to use this work-around because we have a legacy 16 bit AS number.  If we wanted to set up parallel BGP sessions using two or more 32 bit AS numbers greater than 2147483648, then we would not be able to complete the config until we received a fix for this issue.
