I have fortigate 100E firewall at our Head office (10.10.10..0/24) with multiple branches connected to it via ipsec tunnel. Cloud infra on azure (172.16.10.0/24) is also connected to Head office firewall. Users in Head office can access the Azure cloud server. But now I want to provide Azure connectivity to one of the branch office (10.10.20.0/24) which is already connected to head office firewall.
What configuration i need to do on branch and head office firewall? For azure cloud configuration, their support team will help.
Hey! First question would be how "Cloud infra on azure (172.16.10.0/24) is also connected to Head office firewall" your cloud infra on azure is connected to 100E? If it is an IPSec tunnel, then you can go ahead and add the route on your phase 2 going towards the branches and vice versa. Creating a group would be recommended is you have multiple branch sites. Similarly, you will be populating the phase 2 going towards azure with branch addresses so that traffic from the Azure can route back to 100E. 100E should have both routes (towards branch and towards Azure) , we just have to ensure that Azure knows every branch can be reached via 100E, and all the branches know that to reach to Azure the traffic has to be routed via 100E.
Hi @nitindivekar,
You will need to modify phase2 selectors, static routes, and firewall policies. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-to-IPsec-communication-between-branc...
Regards,
Created on ‎07-01-2024 02:04 AM Edited on ‎07-01-2024 02:54 AM
Thanks. I will also follow this article and let you know.
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.