Skip to main content
JocyJohn47
JocyJohn47
New Member
October 21, 2025
Question

Fortigate 40F VPN from Branch to HQ only for internet

  • October 21, 2025
  • 1 reply
  • 209 views

i am try ting to config 40F to 40F using site to site vpn when HQ has Static WAN ip and Branch use Dynamic , after config the tunnel is still down , even i try Hub - Spoke same issue , in HQ the 40F setup is behind the main Firewall ( 60F ) , does it required any Port forwarding . i have go through several video and documents , the config show ok ,still the VPN not coming online . 

1 reply

funkylicious
SuperUser
funkylicious
SuperUser
October 21, 2025

this would be kind of hard to implement if your IPsec Hub / DialUP server FGT is behind another FortiGate and doesnt have a public IP assigned to it.

 

one option would be to create VIP on the 60F for 40F , like the one described here - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-a-FortiGate-in-the-middle-for-2-other/ta-p/270548 

"jack of all trades, master of none"
    Terms & ConditionsAccessibility statement