Hey everyone!
I have a site-to-site VPN between two locations. Is there a way I can pass only one IP address through for remote browsing. For example, I have a subnet of 10.0.0.0/24 on FW A that can access all internal resources on FW B (example subnet of 10.1.1.0/24). I have one workstation (10.0.0.50) on FW A that would need to access the internet through FW B. The rest of the network would still access the internet through FW A. I tried using this KB https://community.fortinet.com/t5/FortiGate/Technical-Tip-Remote-browsing-over-IPSec-VPN-tunnel/ta-p... but am unable to get what I need to work. Any help with this would be greatly appreciated!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I believe your default route is pointing to wan2 which is why it doesn't match the policy route. You will need another static route and point it to the IPSec tunnel. You can create a static route for 8.8.8.8 for testing and point it to the IPSec tunnel. After that, run the debug flow again.
Regards,
You can have 2 static routes with the same distance. Just give your local Internet route a higher priority so that all other users will only use the local Internet route.
Regards,
That fixed it! Thank you and @mle2802 so much for your help in this matter!!
You create it on firewall A with source 10.0.0.50.
Try use policy routes for exceptions only.
If you read the tech tip provided by @mpeddalla you will take real advantage of the policy routes.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1645 | |
1070 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.