VPN tunnel go to another VPN site

Forum|Forum|9 months ago
August 24, 2025
1 reply
363 views

We have 2 sites (SiteA & SiteB) that have 2 VPN tunnels with HQ. e.g.:

SiteA ---- HQ ---- SiteB

Now I can access to HQ on site A and access to HQ on siteB.

Can I access to SiteB devices on SiteA?

Best answer by kaman

Hi CFSC,

Yes, you can access SiteB devices from SiteA through HQ, but it requires configuration on all three FortiGate firewalls (SiteA, HQ, SiteB) to allow inter-site routing over the VPN tunnels.

Please refer to the document below on how to configure a redundant hub‑and‑spoke IPsec VPN topology, which is exactly the setup you need to enable traffic between Site A and Site B via the HQ FortiGate.

https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/755287/redundant-hub-and-spoke-vpn

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/853412/ipsec-vpn-wizard-hub-and-spoke-advpn-support

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,
Aman

kamanAnswer

Staff

Hi CFSC,

Yes, you can access SiteB devices from SiteA through HQ, but it requires configuration on all three FortiGate firewalls (SiteA, HQ, SiteB) to allow inter-site routing over the VPN tunnels.

Please refer to the document below on how to configure a redundant hub‑and‑spoke IPsec VPN topology, which is exactly the setup you need to enable traffic between Site A and Site B via the HQ FortiGate.

https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/755287/redundant-hub-and-spoke-vpn

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/853412/ipsec-vpn-wizard-hub-and-spoke-advpn-support

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,
Aman

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded