Description
This article describes how to configure FortiGate to allow remote browsing over IPSec VPN tunnel
Solution
Remote browsing over IPSec VPN tunnel:
In this example, 2 FortiGates (FortiGate A and FortiGate C) have established a VPN tunnel and local subnet in FortiGate C (10.221.0.0/16) will require to access Internet via VPN_TO_FGTA tunnel.
Configuration in FortiGate C:
1) Create a default route in FortiGate C to make sure all other traffic besides VPN will go through VPN tunnel
This article describes how to configure FortiGate to allow remote browsing over IPSec VPN tunnel
Solution
Remote browsing over IPSec VPN tunnel:
In this example, 2 FortiGates (FortiGate A and FortiGate C) have established a VPN tunnel and local subnet in FortiGate C (10.221.0.0/16) will require to access Internet via VPN_TO_FGTA tunnel.
Configuration in FortiGate C:
1) Create a default route in FortiGate C to make sure all other traffic besides VPN will go through VPN tunnel
2) On VPN phase 2 selectors, create a new selector with local address pointing to 10.221.0.0/16 and remote address set to 0.0.0.0/0.0.0.0
3) Create a firewall policy for local subnet to access internet over VPN tunnel4) Set an IP address and remote address on VPN tunnel (Go to Network -> Interfaces)Configuration in FortiGate A:1) Configure phase 2 selectors in VPN tunnel2) Create a firewall policy for VPN users to access to Internet3) Set an IP address and remote address on VPN tunnel (Go to Network -> Interfaces)Test results in FortiGate ATest results in FortiGate C
