Hi:
I have a Fortigate 40F set up in the office with its WAN connected to the internet on a public IP, and its LAN connected to the office LAN network, a 10.61.x.x network.
I and followed this guide,
Yes, it is possible. You already achieved one part, I guess, as you have established the VPN and you now have no internet. That tells me you do not use split tunneling, so your client's default route was rewritten and the traffic goes thru the office LAN already.
You now have to have a policy at the remote end FGT that allows you to access the internet coming from your vpn.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
If I understood correctly, the topology would be the following:
PC---Tunnel(L2TP)---FortiGate40F----Tunnel----HQ---Internet.
Now, you are able to successfully connect to the 40F and access resources from the HQ, but there is no Internet access. If my understanding is correct, on the HQ firewall, assuming it is also a FortiGate, you would need to create a firewall policy that has as source interface the IPsec tunnel interface with the 40F and as destination interface the Internet-facing one. You have to enable NAT on this policy.
Hi Team,
Please look into the screenshot:
Under local interface, can you select both the WAN and LAN interfaces, and set the local address to the "all" object?
Then create firewall policies for IPSEC VPN to LAN and IPSEC VPN to WAN (NAT should be enabled in this policy).
Then test the traffic.
Please check and keep us posted.
Hi, thanks all.
This one got the internet working, amazing! But from tracert I can see my PC is getting the internet from the FG40F's WAN.
Ideally, I want all the routes to go via the FG40F's LAN interface, which connects to the Juniper firewall in the office that I have no control of. I guess I would need to configure that Juniper to achieve this?
Thanks again
Hi Team,
In that case you need to point your default route towards interface which is connected to juniper firewall.
So the traffic will be forwarded towards juniper firewall and that firewall can provide access.
Is the Juniper firewall connected to the LAN interface of the FG firewall?
hi,
"point your default route towards interface which is connected to juniper firewall."
Sorry, the default route, where do I set it up, here or in the policy? Thank you :)
Yes, the FG LAN connects to the office network that connects to the Juniper FW LAN.
Thanks
This is a great post and really helped me, thanks. However, I have some users that would like to be able to access the local network, for access to their printer for example. I have gone into the Windows VPN connection and disabled the "use default gateway on remote network" option. This then gives me access back to my local LAN and routes Internet traffic via my router, but loses access to the LAN behind the Fortinet VPN. Is it possible to have access to both via the native VPN client?
Many Thanks and apologies if I should not have resurrected this thread.
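For the question above about reaching both the local LAN and the LAN behind the FortiGate with the native Windows client, here is an added example that is not part of the original thread. The connection name `Office-L2TP` and the prefix `10.61.0.0/16` are assumptions (the thread only gives 10.61.x.x); the cmdlets are from the Windows `VpnClient` and `NetTCPIP` modules.

```powershell
# Hypothetical connection name; use the name that Get-VpnConnection lists.
$vpn = 'Office-L2TP'
# Assumed prefix for the office LAN; the thread only says 10.61.x.x.
$officeLan = '10.61.0.0/16'

# Same effect as clearing "Use default gateway on remote network":
# the client keeps its local default route, so the local LAN and the
# printer stay reachable, and internet traffic leaves via the local
# router instead of the office.
Set-VpnConnection -Name $vpn -SplitTunneling $true

# Attach a route to the VPN profile. Windows installs it only while the
# tunnel is up, so traffic for the office LAN still goes through the VPN.
Add-VpnConnectionRoute -ConnectionName $vpn -DestinationPrefix $officeLan -PassThru

# Check the profile: SplitTunneling should be True and the prefix listed.
Get-VpnConnection -Name $vpn | Select-Object Name, SplitTunneling, Routes

# After reconnecting, confirm the route is bound to the VPN interface.
Get-NetRoute -DestinationPrefix $officeLan |
    Select-Object DestinationPrefix, InterfaceAlias, NextHop
```

The FortiGate still needs the VPN-to-LAN firewall policy described earlier in the thread; this only changes which routes the client installs.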
On the VPN client, the VPN sets your default route if you have no split tunneling on the VPN.
On the FGT it is the first one on your screenshot.
If you set that to the Juniper FW as gateway IP, all internet traffic coming from your FGT will go to the Juniper. That'd probably be the easiest way, but I am not sure if you really want that.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks, I will try to fiddle with it :)