FortiGate VPN Hub

Forum|Forum|9 months ago
July 20, 2025
1 reply
342 views

Hello,

I have three FortiGate firewalls: A, B, and C.

- A ↔ B: IPsec tunnel
- A ↔ C: IPsec dialup tunnel

I want to allow communication between B and C **without a direct tunnel**, by using FortiGate A as a **VPN hub**.

Is this setup supported, and what are the best practices for routing, phase2 selectors, and policies in this case?

Thank you!

VinayHM

FortiGate supports hub-and-spoke VPN topologies where one firewall acts as a central VPN hub. Proper configuration of phase 2 selectors, routing, and policies will enable B and C to communicate via A without establishing a direct tunnel. Always test connectivity and monitor logs to ensure smooth operation.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded