[ADVPN] isolate site in advpn

Forum|Forum|1 year ago
March 17, 2025
2 replies
1136 views

Hello everyone

example i have three spoke under same advpn, but i wanna isolate spoke A from other spoke B & C, can i do that ?

FortiGate

Dhruvin_patel

Staff

Greetings!

Yes it is possible to isolate the spoke A from other spoke by using network ID.

Please check this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-Ids-with-ADVPN-shortcut/ta-p/241025

Regards!

Toshi_Esumi

SuperUser

In that environment, if you want to use ADVPN for customers, you need to set up an ADVPN per customer/VDOM. As you said, the isolation is done by VDOM. You shouldn't/can't set up one ADVPN network across VDOM borders.

Toshi

shiryunagaAuthor

Visitor III

So if we have 3 customer with multiple site, we need create 3 vdom so we have 3 as bgp for spoke to spoke communication ?

Toshi_Esumi

SuperUser

Think about those three VDOMs as three physical boxes of firewalls(or just Cisco/Juniper whatever routers terminating IPsec VPNs), which happen to be at one (your) location. Then it would be obvious what you need to do to serve/connect each customer's locations to them.

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded