Site-to-site VPN between Fortigate 1100E and Meraki MX firewall

Forum|Forum|5 years ago
March 24, 2021
2 replies
7781 views

Hello

We're going to be setting up a S2S VPN tunnel between our FG 1100E in our production data center and a Meraki MX firewall at one of our branch sites for sending backups. The FG is in multi-VDOM mode, with the WAN connection being in a transparent vWire configuration. What's best practice in terms of which VDOM to put the S2S VPN tunnel in? Since the WAN VDOM is operating in transparent mode I assume doing any kind of routing there is not an option. Are there any downsides of putting the tunnel in a separate VDOM?

Thanks

emnoc

New Member

Why the transparent vdom to begin with? Sounds like youre making it more complex and you surely can't control traffic already encapsulated in IPSEC via the transparent-vdom.

Ken Felix

akomiliAuthor

New Member

That's a good question. It was set up like this before I got involved so I'm not sure. Does this complicate things a lot? What setup would you recommend?

emnoc

New Member

Will that depends are you doing multiple NAT/routed domains?

Do you really need a stack-multi-vdom where you run other vdom thru a primary vdom?

Ken Felix

akomiliAuthor

New Member

Likely not, I don't think we have a reason for separating out into different VDOMs. Perhaps we need to take a step back and re-evaluate the bigger picture. We're going to be moving all of our routing off our old firewalls onto these, the transparent mode setup was just a temporary solution for the evaluation and to give us IPS at the perimeter. We want to keep things simple so if a single VDOM is the way to go then we can do that. We have a secondary unit that we can reconfigure rather than messing with the production unit if needed. If there is a way to get the S2S up and running in it's current state though that would be great.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded