DNCS5
New Member
June 21, 2022
Question

Fortigate Site to Site VPN for Web Traffic Only


I have a pair of Fortigate 60Fs; one is in the USA and one is in the UK. I have a Site to Site VPN currently set up, but it is a Split Tunnel, so all of the web traffic goes through the respective ISPs.

What I want to do is force all of the UK web traffic to go through the VPN to the US but allow all other traffic to go through the UK ISP so I don't have the added latency.

Is there a way to dictate via policy that the traffic of a specific domain/website goes over the VPN, or even that all HTTP/HTTPS traffic goes over the VPN, while everything else is left alone?

2 replies

imathew
Staff
June 23, 2022

I believe your requirement is to send only HTTP and HTTPS traffic over the IPsec tunnel. 

Under phase2 selectors, you can use Remote Port and Protocol options. Maybe this will help with your requirement. 


Toshi_Esumi
SuperUser
June 23, 2022

It still wouldn't solve the routing issue that there need to be two default routes, one to the tunnel and another to the WAN interface. You need either policy routes or an SD-WAN setup.

Toshi

DNCS5
Author
New Member
June 30, 2022

I'm being told by TAC that the Phase 2 Selectors have to be changed to show 0.0.0.0 rather than the defined subnet... so that everything goes through the tunnel and not just traffic that matches the remote subnet destinations. Then some policy based entries. Not sure if it'll work but I'm going to give it a try.
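
The approach discussed in this thread (wide-open phase 2 selectors, a second default route, and policy routes for web ports), sketched as a FortiOS CLI fragment for the UK unit. This is an added example, not a configuration posted by anyone in the thread; the tunnel name `to-US`, phase 2 name `to-US-p2`, LAN port `internal`, subnet 192.168.10.0/24 and the distance/priority values are assumptions, and the `#` lines are annotations for the reader.

```fortios
# UK FortiGate. Assumed names: "to-US" (phase1/tunnel interface),
# "to-US-p2" (phase2), "internal" (LAN port), 192.168.10.0/24 (UK LAN).
config vpn ipsec phase2-interface
    edit "to-US-p2"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Second default route via the tunnel. Same distance as the WAN default
# (assumed 10) so it is installed; higher priority value so it is not preferred.
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set device "to-US"
        set distance 10
        set priority 20
    next
end

# Policy routes: only TCP 80 and TCP 443 from the LAN leave via the tunnel.
config router policy
    edit 0
        set input-device "internal"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set protocol 6
        set start-port 80
        set end-port 80
        set output-device "to-US"
    next
    edit 0
        set input-device "internal"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set protocol 6
        set start-port 443
        set end-port 443
        set output-device "to-US"
    next
end
```

The US unit needs the matching 0.0.0.0/0 selectors plus a NAT firewall policy from the tunnel to its WAN, and the UK unit needs a firewall policy from `internal` to `to-US` permitting HTTP and HTTPS. DNS lookups and QUIC (UDP 443) do not match these policy routes and still leave through the UK ISP.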