VXLAN over IPSec
- February 12, 2020
GOAL:
1. VXLAN between 2 sites
2. Users on LAN port4 can go to the Internet
REFERENCES
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38614
https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD40170&languageId=
QUESTIONS: I noticed:
1. If I set an IP on the LAN interface port4, I can't add that NIC as a soft switch member.
2. If I don't set an IP on the port4 LAN interface, then what is the gateway for all the user PCs?
Without a gateway, how can users go to the Internet?
Thank you.
UPDATE1:
- Ping between sites is working after following this:
https://aventistech.com/extend-layer2-network-across-data-center-with-fortigate-vxlan/
Now my problem is allowing LAN users to go to the Internet.
This policy still won't allow LAN users to go to the Internet:
config firewall policy
    edit 1
        set srcintf "FGT1-SW"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic disable
    next
end
How come I can't "set nat enable"?
How do I allow LAN users to go to the Internet?
UPDATE2:
STATUS: WORKING
There was some misconfiguration in the firewall policy.
config firewall policy
    edit 1
        set name "FGT1-SWtoWAN"
        set uuid 556a328e-4d37-51ea-7a1a-880bb60617f9
        set srcintf "FGT1-SW"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic disable
        set nat enable
    next
end
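For readers who land here with the same two questions, the following is an added, end-to-end FortiOS CLI example for site 1 (it is not the original poster's configuration). It answers question 1 and 2 from the post: a software switch member must carry no IP, so the LAN IP (the users' gateway) goes on the switch interface "FGT1-SW" itself, and port4 plus the VXLAN interface are its members. It also shows why the UPDATE1 policy could not take "set nat enable": the only material difference from the working UPDATE2 policy is "set action accept", and in the FortiOS CLI a policy created without it defaults to deny, for which the nat option is not offered. The IPsec tunnel name "to-site2", the VNI, the peer's tunnel-side address 10.255.0.2, the address object "LAN-Site1" and the subnet 192.168.10.0/24 are assumed values chosen for the example; substitute your own. The IPsec phase1/phase2 is assumed to already exist and its phase2 selectors must cover the two tunnel-side addresses, otherwise the UDP/4789 VXLAN traffic never enters the tunnel.

```fortios
# Added example, not from the original post. Names, VNI, subnets and
# the peer address 10.255.0.2 are assumptions; adjust to your sites.

# 1. VXLAN interface riding inside the (already configured) IPsec tunnel.
config system vxlan
    edit "vxlan1"
        set interface "to-site2"
        set vni 1
        set remote-ip "10.255.0.2"
    next
end

# 2. Software switch: members carry NO IP address. This is why port4
#    could not be added while it still had an IP configured.
config system switch-interface
    edit "FGT1-SW"
        set vdom "root"
        set member "port4" "vxlan1"
    next
end

# 3. The switch interface holds the LAN IP; this is the PCs' default gateway.
config system interface
    edit "FGT1-SW"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
    next
end

# 4. Hand out that gateway to the users via DHCP on the switch interface.
config system dhcp server
    edit 1
        set interface "FGT1-SW"
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.10.100
                set end-ip 192.168.10.200
            next
        end
    next
end

# 5. Address object so the Internet policy is scoped to the LAN subnet
#    rather than "all" (tighter than the policy in the post).
config firewall address
    edit "LAN-Site1"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# 6. LAN -> WAN policy. "set action accept" must precede "set nat enable";
#    a CLI-created policy defaults to deny, and deny policies have no nat option.
config firewall policy
    edit 1
        set name "FGT1-SWtoWAN"
        set srcintf "FGT1-SW"
        set dstintf "port1"
        set srcaddr "LAN-Site1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Two checks worth running after pasting this: "diagnose sniffer packet to-site2 'udp port 4789' 4" should show VXLAN encapsulated frames leaving through the tunnel when a host at site 1 pings a host at site 2, and "diagnose sniffer packet port1 'host 192.168.10.1' 4" should show nothing, because with NAT enabled the LAN addresses are translated to the port1 address before they reach the WAN. Because the whole Layer 2 segment is now stretched to the other site, broadcast and any rogue DHCP server at site 2 are seen at site 1 as well; keep only the interfaces that must be bridged in the switch member list.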