shiryunaga
New Contributor

[ADVPN] isolate site in advpn

Hello everyone

For example, I have three spokes under the same ADVPN, but I want to isolate spoke A from the other spokes B & C. Can I do that?

Dhruvin_patel

Greetings!

Yes, it is possible to isolate spoke A from the other spokes by using a network ID.

Please check this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-Ids-with-ADVPN-shortcu...

Regards!

Dhruvin Patel
Toshi_Esumi
SuperUser

In that environment, if you want to use ADVPN for customers, you need to set up an ADVPN per customer/VDOM. As you said, the isolation is done by VDOM. You shouldn't/can't set up one ADVPN network across VDOM borders.

Toshi

shiryunaga

So if we have 3 customers with multiple sites, we need to create 3 VDOMs, so we have 3 AS BGP for spoke-to-spoke communication?

Toshi_Esumi

Think about those three VDOMs as three physical boxes of firewalls (or just Cisco/Juniper/whatever routers terminating IPsec VPNs), which happen to be at one (your) location. Then it would be obvious what you need to do to serve/connect each customer's locations to them.

Toshi
