Hello All - Why did Cisco not promote BGP in their ASA/PIX firewalls until recently? I know the famous saying that it is good to have the routing function separate from the firewall. But why do we prevent BGP peering with the firewall, though OSPF/EIGRP/RIP have been supported since the beginning?
Just a conceptual thought process
For me, I would separate the two. Depending on your BGP setup and what you're expecting your firewall to stop in terms of traffic, you could be asking too much of one device.
I can give you an example where BGP would be useful (especially in multi-context mode, where dynamic routing wasn't supported):
Main DC | Recovery DC
---- Internet ISP1/ISP2 ------
FW FW --- DMZ????
CORE ----- CORE
You would need to place the DMZ somewhere behind the core and not directly next to the first firewall, as it would not know how to switch the default route.
Now with BGP on the firewall you can exit through any site.
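For readers who want to see what "BGP on the firewall" looks like in practice, here is an added configuration sketch (not from the poster above, and not Cisco's own documentation) of an ASA 9.2+ peering with two upstream ISPs. The AS numbers, IP addresses and prefix-list names are assumptions chosen from documentation ranges; the point is that when the firewall holds the BGP session, it should authenticate the peer and filter what it accepts and advertises, because the peering now terminates on the security boundary rather than on a router behind it.

```text
! Assumed: local AS 64512, ISP1 peer 203.0.113.1 in AS 64496,
! ISP2 peer 198.51.100.1 in AS 64497, advertised block 192.0.2.0/24.
!
! Only accept a default route from each ISP; only advertise our own block.
prefix-list ISP-IN seq 10 permit 0.0.0.0/0
prefix-list ISP-OUT seq 10 permit 192.0.2.0/24
!
router bgp 64512
 bgp log-neighbor-changes
 address-family ipv4 unicast
  ! Peer with ISP1 (password = TCP MD5 session authentication, assumed secret)
  neighbor 203.0.113.1 remote-as 64496
  neighbor 203.0.113.1 password ISP1-SHARED-SECRET
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 prefix-list ISP-IN in
  neighbor 203.0.113.1 prefix-list ISP-OUT out
  ! Peer with ISP2, same filtering
  neighbor 198.51.100.1 remote-as 64497
  neighbor 198.51.100.1 password ISP2-SHARED-SECRET
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 prefix-list ISP-IN in
  neighbor 198.51.100.1 prefix-list ISP-OUT out
  ! Originate our public block
  network 192.0.2.0 mask 255.255.255.0
  no auto-summary
  no synchronization
 exit-address-family
```

With both sessions up, the firewall learns a default route from each ISP and can shift egress to the surviving peer when one session drops, which is the "exit through any site" behaviour described above. The inbound prefix-list is the part practitioners tend to skip: without it the firewall would install whatever the peer sends, and a misconfigured or hostile peer could redirect traffic for internal prefixes. Verify the result with `show bgp summary` and `show route bgp` before trusting it in production.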
My guess is that maybe Cisco didn't have sufficient demand from their customers to run BGP on their firewalls. Therefore they focussed their engineering efforts on developing other firewall features.