Help Needed: IPsec VPN Between NAT and Transparent FortiGates + Inter-Branch Communication
Hi Fortinet Community,
I'm setting up a network with three FortiGates and need help configuring IPsec VPNs and inter-site communication. Here's the setup:
Topology Overview:
HQ FortiGate: NAT mode, connected to ISP via L3 link
Branch1 FortiGate: Transparent mode
Factory FortiGate: Transparent mode
All sites are connected over Layer 2 links
DHCP for both branches comes from HQ
Network Details:

| Site | FortiGate mode | Network |
|---|---|---|
| HQ | NAT mode FortiGate | 10.10.10.0/24 (LAN) |
| Branch1 | Transparent FortiGate | 192.168.100.0/24 (via DHCP) |
| Factory | Transparent FortiGate | 192.168.101.0/24 (via DHCP) |
HQ Server1: 192.168.100.1 (needs to be accessed by Branch1 PCs)
HQ Server2: 192.168.101.1 (needs to be accessed by Factory PCs)
All branch PCs should also have access to HQ LAN (10.10.10.0/24)
What I Need Help With:
How to configure IPsec VPN tunnels:
Between HQ and Branch1
Between HQ and Factory
Note: Branch1 and Factory are using transparent mode FortiGates
How to allow the following communications:
Branch1 PCs → HQ Server1 (192.168.100.1)
Factory PCs → HQ Server2 (192.168.101.1)
Both branch networks → HQ LAN (10.10.10.0/24)
Best practices for routing, policies, interface assignment (since two devices are in transparent mode), and any VLAN or zone suggestions for easier policy control.