Hi,
We are planning on rolling out a handful of Fortigates 90G - currently we have 3 set up in a non-production environment. We are receiving a TLS link between some sites and other sites will use ADVPN Hub\Spoke with SD-WAN and dual ISP. The VPN part is working fine and so I've removed those links for the time being.
For the TLS we have 2 VLANs on our hub FortiGate (200, 300) set up under port3.
Our PC connected to the main Fortigate can reach all other Fortigates. The other PCs connected to the other Fortigates can reach the hub but cannot reach the Fortigate at the other end. The reason looks like BGP is not inserting the route into the routing table. As it is the only path to the destination, I am not sure why and am clearly missing something.
Willing to post any config that will help. Here are screen captures of what I'm referring to. The first one is the main Fortigate where the trunks for the TLS from our ISP will come in and the second one is the branch location. This is NOT using a VPN and is just a LAN link with routing.
More understanding of BGP is needed... but the solution was to use
"set next-hop-self-rr enable" on this link
Solution was found from the help document at
How to modify BGP next hop for route refl... - Fortinet Community
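The hub-side BGP neighbor configuration the solution refers to, as an added example and not the poster's own config: the hub acts as an iBGP route reflector for the two TLS spokes, and next-hop-self-rr makes it rewrite the next hop of reflected routes to its own address so each spoke has a reachable next hop and installs the route. The AS number 65000 and the spoke addresses 10.20.0.2 (VLAN 200) and 10.30.0.2 (VLAN 300) are assumptions, not values from the thread.

```fortios
# Hub FortiGate (route reflector). ASN and neighbor addresses are assumed for illustration.
config router bgp
    set as 65000
    set router-id 10.20.0.1
    config neighbor
        # Spoke on VLAN 200 (assumed address)
        edit "10.20.0.2"
            set remote-as 65000
            set route-reflector-client enable
            # Rewrite next hop of reflected routes to the hub's own address;
            # without this the spoke sees the other spoke's address as next hop,
            # has no route to it, and leaves the prefix out of the routing table.
            set next-hop-self-rr enable
        next
        # Spoke on VLAN 300 (assumed address)
        edit "10.30.0.2"
            set remote-as 65000
            set route-reflector-client enable
            set next-hop-self-rr enable
        next
    end
end
```

Each spoke only needs an ordinary iBGP neighbor pointing at the hub; no change is required on the spoke side. To confirm the fix, compare the BGP table on a spoke before and after: with the hub's address as next hop the reflected prefix resolves and is installed, whereas with the far spoke's address as next hop it does not.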
Copyright 2025 Fortinet, Inc. All Rights Reserved.