Aliz
Explorer
November 11, 2022
Solved

FortiGate Incoming Interface and Outgoing Interface can be same in case of VPN Zone


Hello all,

I have created the VPN Zone with 10 IPSec Tunnels.

Now I need to create a policy between 1 IPSec VPN to multiple IPSec VPNs within the same VPN Zone, but with different Sources and Destinations.

Just a Query

Could you please help troubleshoot this issue?

Thanks in advance.

Regards,

Aliz Shrestha

Best answer by Toshi_Esumi

Toshi_Esumi
SuperUser
November 11, 2022

Once you put those VPN interfaces into a single zone, you cannot specify individual VPN interfaces as source or destination interface of policies. However, you can still create policies between zone1<-->zone1 specifying source address and destination address.

You just need to make sure you allow intra-zone traffic in the zone config. Then you can control traffic between src/dst addresses.

Toshi
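
The configuration the answer describes, as an added FortiOS CLI example that is not part of the original thread. The zone, tunnel and address names, the subnets, the policy IDs and the chosen services are all hypothetical; `#` lines are annotations.

```fortios
# Hypothetical zone, tunnel and address names; subnets are constructed.
config system zone
    edit "VPN_Zone"
        set interface "vpn-siteA" "vpn-siteB" "vpn-siteC"
        # Intra-zone setting the answer refers to
        set intrazone allow
    next
end

# Address objects used as policy source/destination instead of tunnel interfaces
config firewall address
    edit "siteA-lan"
        set subnet 10.10.1.0 255.255.255.0
    next
    edit "siteB-lan"
        set subnet 10.10.2.0 255.255.255.0
    next
    edit "siteC-server"
        set subnet 10.10.3.10 255.255.255.255
    next
end

# Zone is both srcintf and dstintf; the address pair is what tells the policies apart
config firewall policy
    edit 101
        set name "siteA-to-siteB"
        set srcintf "VPN_Zone"
        set dstintf "VPN_Zone"
        set srcaddr "siteA-lan"
        set dstaddr "siteB-lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 102
        set name "siteA-to-siteC-server"
        set srcintf "VPN_Zone"
        set dstintf "VPN_Zone"
        set srcaddr "siteA-lan"
        set dstaddr "siteC-server"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
end
```

What happens to traffic between zone members that matches no policy depends on the `intrazone` value, so confirm on your FortiOS version whether `allow` passes it without a policy lookup. If it does, `set intrazone deny` together with the explicit zone-to-zone policies keeps the address restrictions effective.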

Aliz
Author
Explorer
November 11, 2022

Hello Toshi,

Thank you for the information.

Regards,

Aliz Shrestha