Hi:
I have a FortiGate 40F set up in the office with its WAN connected to the internet on a public IP, and LAN connected to the office LAN network (10.61.x.x network),
and I followed this guide,
Yes, it is possible. You already achieved one part, I guess, as you have established the VPN and you now have no internet. That tells me you do not use split tunneling, so your client's default route was rewritten and the traffic goes through the office LAN already.
You now have to have a policy at the remote-end FGT that allows you to access the internet coming from your VPN.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
If I understood correctly, the topology would be the following:
PC---Tunnel(L2TP)---FortiGate40F----Tunnel----HQ---Internet.
Now, you are able to successfully connect to the 40F and access resources from the HQ, but there is no Internet access. If my understanding is correct, on the HQ firewall, assuming it is also a FortiGate, you would need to create a firewall policy that has as source interface the IPsec tunnel interface with the 40F and as destination interface the Internet-facing one. You have to enable NAT on this policy.
Hi Team,
Please look into the screenshot:
Under local interface, can you select both WAN and LAN interfaces and set local address to the "all" object?
Then create firewall policies for IPsec VPN to LAN and IPsec VPN to WAN (NAT should be enabled in this policy).
Then test the traffic.
Please check and keep us posted.
Hi, thanks all.
This one got the internet working, amazing! But from tracert I can see my PC is getting the internet from the FG40F's WAN.
Ideally, I want all routes to go via the FG40F's LAN interface, which connects to a Juniper firewall in the office that I have no control of. I guess I would need to configure that Juniper to achieve this?
Thanks again
Hi Team,
In that case you need to point your default route towards the interface which is connected to the Juniper firewall.
So the traffic will be forwarded towards the Juniper firewall, and that firewall can provide access.
Is the Juniper firewall connected to the LAN interface of the FG firewall?
Hi,
"point your default route towards interface which is connected to juniper firewall."
Sorry, default route: where do I set it up, here or in a policy? Thank you : )
Yes, the FG LAN connects to the office network, which connects to the Juniper FW LAN.
Thanks
On the VPN client, the VPN sets your default route if you have no split tunneling on the VPN.
On the FGT it is the first one on your screenshot.
If you set that to the Juniper FW as gateway IP, all internet traffic coming from your FGT will go to the Juniper. That'd probably be the easiest way, but I am not sure if you really want that.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks, I will try fiddling with it : )
Hi all, thanks all for making this work.
It's all working now after adding the static route for the LAN interface with higher priority than the WAN route.
It feels wonderful ! :D
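For readers who want the CLI equivalent of what this thread settled on, the following is an added example written for this page; it is not configuration posted by anyone in the thread or by Fortinet. It assumes placeholder names and addresses: the 40F interfaces are "wan" and "lan", the dial-up tunnel interface the clients land on is "vpn-dialup", the Juniper's address on the office LAN is 10.61.0.1, the ISP gateway is 203.0.113.1 (a TEST-NET address), and the VPN client pool is 10.61.200.0/24 (all constructed). On FortiOS a lower priority value is the preferred route when distances are equal, which is what the last post calls "higher priority".

```fortios
# Added example, not from the thread. All names and addresses below are
# placeholders/assumptions: "wan", "lan", "vpn-dialup", 10.61.0.1 (Juniper),
# 203.0.113.1 (ISP gateway), 10.61.200.0/24 (VPN client pool).

# Address object for the VPN client pool, used to scope the policies below
config firewall address
    edit "VPN_CLIENT_POOL"
        set subnet 10.61.200.0 255.255.255.0
    next
end

# Two default routes with equal distance. The LAN route carries the lower
# priority value, so it is preferred and internet-bound traffic (VPN clients
# and the FortiGate itself) goes to the Juniper. The WAN route stays as a
# fallback that takes over only if the LAN route is withdrawn.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.61.0.1
        set device "lan"
        set distance 10
        set priority 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan"
        set distance 10
        set priority 20
    next
end

# VPN -> LAN with NAT: the Juniper is not under the poster's control, so the
# clients are hidden behind the 40F's LAN address, which the Juniper already
# knows how to route back to. VPN -> WAN with NAT is the policy that first
# gave the clients internet; it is kept for the fallback path.
config firewall policy
    edit 0
        set name "VPN_to_LAN"
        set srcintf "vpn-dialup"
        set dstintf "lan"
        set srcaddr "VPN_CLIENT_POOL"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "VPN_to_WAN"
        set srcintf "vpn-dialup"
        set dstintf "wan"
        set srcaddr "VPN_CLIENT_POOL"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Verification: both default routes should be listed, the LAN one preferred,
# and a client's traffic should be seen leaving the "lan" interface.
get router info routing-table all
diagnose sniffer packet lan 'host 10.61.200.10' 4 10
```

Scoping the policies to the client pool rather than "all" keeps the tunnel interface from becoming a general-purpose exit for anything else that lands on it. Because the default route now points into the office LAN, every FortiGate-originated session (updates, logging, DNS) also transits the Juniper, which is the trade-off the earlier reply flagged; if that is not wanted, a policy route matching only the VPN pool as source can send just the client traffic to 10.61.0.1 while leaving the WAN default route in place.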