jomof
New Member
April 4, 2025
Question

How to prevent the FortiGate device from accessing the Internet.


Hello expert,


I have a hub and Spoke Topology.

I configured the spoke (Lethem) to reach Head Office using a VPN through the internet.

We have a static route on the spoke to allow all clients to access the internet by backhauling the request to the Head Office checkpoint firewall.

Because I configured a WAN interface on Lethem to access the internet to create a VPN IPsec tunnel to Head Office, I notice the FortiGate device itself is able to access the internet.

How can I stop the FortiGate device from accessing the internet?


Regards


1 reply

AEK
SuperUser
April 4, 2025

Hi Jomof

If you want your clients to still access the Internet through the S2S VPN but not the FGT, then you just need to remove the current default route (0.0.0.0) and replace it with the following:

  • dst: IP address of the remote peer (HQ Check Point FW)
  • intf: wan1 (or the interface that you are currently using for default GW)
  • gw: x.x.x.x (the IP that you are currently using as default GW)


Another method (heavier) is to use 2 VDOMs. The management VDOM has no default route (only a route to LANs for management), and the client VDOM has a default route like you did initially (0.0.0.0 through wan1).

AEK
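Added example, not from the original post or from AEK: the FortiOS CLI for the first method described above, with the spoke's old default route beside its replacement and a short verification. The interface name wan1 comes from the thread; the route index, the upstream gateway and the HQ peer address are placeholders from documentation ranges.

```fortios
# Before (assumed starting state): a default route out wan1. The FortiGate
# itself, not only its clients, uses this route to reach the Internet.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan1"
    next
end

# After: drop the default route and add a /32 host route to the HQ
# Check Point peer only. The IPsec tunnel can still be built over wan1,
# but the FortiGate no longer has a route to the rest of the Internet.
# 203.0.113.10 is a placeholder for the HQ peer's public IP;
# 198.51.100.1 is a placeholder for the existing upstream gateway.
config router static
    delete 1
    edit 1
        set dst 203.0.113.10 255.255.255.255
        set gateway 198.51.100.1
        set device "wan1"
    next
end

# Client traffic keeps following whatever route or policy route already
# sends it into the tunnel toward HQ; nothing above changes that.

# Verification: the static table should show the /32 and no 0.0.0.0/0
# via wan1; the peer must still answer, and the IKE gateway should stay up.
get router info routing-table static
execute ping 203.0.113.10
diagnose vpn ike gateway list
```

Device-originated services on the spoke (FortiGuard updates, NTP, DNS) also lose Internet reachability with this change unless they can be reached through the HQ tunnel, so check those after the route swap.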