VPN Branch to HQ Internet - Specific Interface Only

Forum|Forum|6 years ago
June 3, 2020
1 reply
2440 views

Hi,

I have 2 Fortigates. I need devices connected to one physical interface on the Branch Fortigate to use internet from the HQ Fortigate. All other traffic on the Branch (other interfaces) can use local WAN interface for internet.

How do I do this?

Thank You

Ismail

MattyG2787

New Member

This should be in another thread but the simplest (cleanest) way is via SD-WAN rules

Create your first SD-WAN rule to have

Src - HQ source

DST - all

Included Members - HQ Link

Services - all

Second rules

Src - Other IP Ranges

dst All

Included Members - Local WAN

services all

This also pootentially allows the local internet to be used in case HO link drops (by changing second source to all)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded