Fortinet Forum
Aliz
New Contributor II

FortiGate Incoming Interface and Outgoing Interface can be same in case of VPN Zone

Hello all,

I have created the VPN Zone with 10 IPSec tunnels.

Now I need to create a policy between 1 IPSec VPN and multiple IPSec VPNs within the same VPN Zone, but with different sources and destinations.

Just a query.

Could you please help troubleshoot this issue?

Thanks in advance.

Regards,

Aliz Shrestha

1 Solution
Toshi_Esumi
Esteemed Contributor II

Once you put those VPN interfaces into a single zone, you cannot specify individual VPN interfaces as the source or destination interface of policies. However, you can still create policies between zone1<-->zone1, specifying source address and destination address.

You just need to make sure you allow intra-zone traffic in the zone config. Then you can control traffic between src/dst addresses.

Toshi
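
A FortiOS CLI sketch of the zone-to-same-zone policy approach described in the answer above, added here as an example and not taken from the original posts. The zone name, tunnel names, address objects and subnets are constructed placeholders, and lines starting with `#` are annotations. It keeps the zone's `intrazone` setting at `deny` so that only traffic matching a zone-to-zone policy is forwarded between member tunnels; with `allow`, traffic between member interfaces passes without a policy match.

```fortios
# Zone holding the IPsec tunnel interfaces (names are placeholders).
# intrazone deny  = tunnel-to-tunnel traffic needs a matching policy.
# intrazone allow = tunnel-to-tunnel traffic passes without a policy.
config system zone
    edit "VPN_Zone"
        set interface "vpn-hq" "vpn-br1" "vpn-br2"
        set intrazone deny
    next
end

# Address objects that distinguish the sites (constructed subnets).
config firewall address
    edit "HQ_LAN"
        set subnet 10.10.0.0 255.255.255.0
    next
    edit "BR1_LAN"
        set subnet 10.20.1.0 255.255.255.0
    next
    edit "BR2_SRV"
        set subnet 10.20.2.10 255.255.255.255
    next
end

# Same zone on both sides; source and destination addresses do the scoping.
config firewall policy
    edit 0
        set name "HQ-to-BR1"
        set srcintf "VPN_Zone"
        set dstintf "VPN_Zone"
        set srcaddr "HQ_LAN"
        set dstaddr "BR1_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "HQ-to-BR2-https"
        set srcintf "VPN_Zone"
        set dstintf "VPN_Zone"
        set srcaddr "HQ_LAN"
        set dstaddr "BR2_SRV"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Return traffic for sessions initiated in the other direction needs its own policy with the address objects swapped, and each site still needs routes and phase 2 selectors covering the remote subnets.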

Aliz
New Contributor II

Hello Toshi,

Thank you for the information.

Regards,

Aliz Shrestha