How does sites exchange routes via Fortisase?

Forum|Forum|7 months ago
October 15, 2025
1 reply
492 views

Hello folks,

Anyone can explain me what is going on and how to fix this pls!?

I just connected 2 separate sites to Fortisase using Secure Private Access.

BGP to Forti PoPs are established but the sites are not exchanging routes.

Shouldn't the 2 sites reach each other through Forticloud? This is what i'm used to in Velo Cloud and Cato.

I only have 2 sites, head office in Europe and another site in the USA.

Regards

Said

FortiCloud Products

distillednetwork

Explorer II

Have you looked at the BGP recursive routes yet? This is a good document that outlines some different topologies.

https://docs.fortinet.com/document/fortisase/latest/feature-fortigate-ngfw-to-fortisase-spa-hub-conversion-deployment-guide/264146/configuring-bgp

Said7Author

New Member

Thank you for the prompt response.

The BGP recursive routes only words if inter HUB routing outside Fortisase already exists.

This means that I should configure a tunnel between the 2 sites.

I was expecting that through the SPA, the 2 sites will be exchanging routes.

The only BGP routes i learn from Fortisase PoPs are FortiClient subnets and PoPs ip range.

The reason is that SASE does not advertise routes to the HUB.
SASE supports traffic between HUB and connected endpoints (SASE VPN clients), and vice versa — but not HUB-to-HUB communication.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded