Salman_Baig
New Member
September 25, 2020
Question

Site To Site ipsec tunnel HO Gateway


I have two same-model firewalls. I configured a site-to-site IPsec VPN and it is working fine; both sides' LAN networks are accessible and everything is working fine. I want all my branch internet traffic to go to the HO firewall gateway; the branch ISP should not be used for internet traffic, meaning my branch users' internet traffic goes out through the HO firewall. Is it possible? If yes, please help.

    1 reply

    ede_pfau
    SuperUser
    September 25, 2020

    Hello,

    Yes, this is a common setup (if I understand you correctly). If you want to send all internet-bound traffic from branch offices to HQ, then

    on the branch FGT:

    1- create a static route to the HQ WAN IP, with gateway IP: your ISP, interface: WAN port

    2- create a default route pointing to the site-to-site VPN interface (no gateway needed)

    3- create a policy to allow all destination IPs to the VPN


    on HQ FGT:

    1- create a default route to the ISP (will already exist)

    2- create a static route to the branch LAN (will already exist)

    3- create a policy from branch VPN to WAN interface to allow outbound traffic, ENABLE NAT


    Of course, if traffic is flowing, protect it properly with AV, AC etc.
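As an added worked example (not part of ede_pfau's reply or any Fortinet documentation), the six steps above expressed as FortiOS CLI. Interface names (wan1, internal), tunnel names (to-HQ, to-Branch), the address object Branch-LAN and the 203.0.113.10 / 198.51.100.1 / 192.168.20.0/24 addresses are assumed placeholders.

```fortios
# Both tunnels' phase2 selectors must cover 0.0.0.0/0 on the Internet side
# (branch dst-subnet / HQ src-subnet); LAN-only selectors will drop this traffic.

# --- Branch FGT (assumed: wan1, internal, tunnel "to-HQ", LAN 192.168.20.0/24) ---
config router static
    edit 1
        # Step 1: host route so the HQ tunnel endpoint itself stays reachable via the ISP
        set dst 203.0.113.10 255.255.255.255
        set gateway 198.51.100.1
        set device "wan1"
    next
    edit 2
        # Step 2: default route into the tunnel; the old ISP default route must be
        # removed or given a higher distance, otherwise it keeps winning
        set dst 0.0.0.0 0.0.0.0
        set device "to-HQ"
    next
end
config firewall policy
    edit 10
        # Step 3: allow every destination from the branch LAN into the VPN
        set name "LAN-to-HQ-via-VPN"
        set srcintf "internal"
        set dstintf "to-HQ"
        set srcaddr "Branch-LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# --- HQ FGT (assumed: wan1, tunnel "to-Branch"; default and branch routes already exist) ---
config firewall policy
    edit 20
        # Step 3: branch traffic out to the Internet, source-NATed to the HQ WAN IP,
        # with the AV / application-control inspection the reply recommends
        set name "Branch-VPN-to-Internet"
        set srcintf "to-Branch"
        set dstintf "wan1"
        set srcaddr "Branch-LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set utm-status enable
        set av-profile "default"
        set application-list "default"
    next
end
```

After applying it, a traceroute from a branch host should show the HQ firewall as the second hop and the branch ISP gateway should not appear at all.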