[ADVPN] isolate site in advpn
Hello everyone,
For example, I have three spokes under the same ADVPN, but I want to isolate spoke A from the other spokes B & C. Can I do that?
Greetings!
Yes, it is possible to isolate spoke A from the other spokes by using a network ID.
Please check this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-Ids-with-ADVPN-shortcu...
Regards!
My apologies for not clarifying, but we are an MSP. We will separate our customers out to individual ports and put them into their own VDOMs so their traffic is completely isolated. If one of our customers has multiple locations, we want to be able to form adjacencies to the spoke FortiGates so they can have spoke-to-spoke communications via BGP/OSPF. We will route public IP WAN blocks from our provider to said VDOMs so we can NAT their traffic and perform the UTM features that the FortiGate has to offer.
In that environment, if you want to use ADVPN for customers, you need to set up an ADVPN per customer/VDOM. As you said, the isolation is done by VDOM. You shouldn't/can't set up one ADVPN network across VDOM borders.
Toshi
