A start-up firm is planning to establish hybrid connectivity by creating AWS Site-to-Site VPN.
This connectivity will be established using dynamic routing protocol BGP.
The Firm's Security team is looking for the port which needs to unblock at the firewall end. Which port needs to be allowed in Firewall to have BGP peering successfully established with Amazon VGW?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
BGP protocol uses TCP port 179 for establishing a peering connection.
While establishing AWS VPN connectivity using BGP protocol, it needs to be checked that TCP port 179 is not blocked in the network.
Options A, C and D are incorrect as these ports are not used by the BGP protocol for peering.
For more information on troubleshooting VPN connectivity with BGP, refer to the following URL,
https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-bgp-vpn/The correct answer is B) TCP 179.
In AWS Site-to-Site VPN, the customer gateway (CGW) establishes a VPN connection to the virtual private gateway (VGW) in AWS. BGP (Border Gateway Protocol) is a dynamic routing protocol that allows the VGW to learn and advertise the routes to the on-premises network. To establish BGP peering, the CGW and VGW need to exchange routing information.
BGP uses TCP (Transmission Control Protocol) as its transport protocol and listens on port 179. Therefore, the firewall needs to allow incoming traffic on TCP port 179 from the CGW to the VGW.
TCP port 79 is used for finger protocol, which is used to retrieve information about users on a network. UDP port 179 is not used by any protocol, and UDP port 79 is used for finger protocol over UDP, which is not relevant in this scenario.
To summarize, the correct port that needs to be allowed in the firewall to establish BGP peering with Amazon VGW is TCP port 179.