Hi all,
I've taken on a site that has a hub-and-spoke setup of Fortinet routers using BGP, and I've got 2 sites that link "through" the head office router. One of the sites has a CCTV DVR and the other has a CCTV screen (Ethernet device), so I want the CCTV screen (let's say on 192.168.0.22) at Site B to connect to the CCTV DVR (let's say on 192.168.20.22) at Site C, and the router on 192.168.10.20 is at the head office at Site A. I've put in the rules on Site B and C to allow the ports in (and set them as ALL for testing), but I can't even ping the DVR on Site B from Site C (nor the router IP at either site). As it's going "through" the router at Site A, will I need any rules to allow it through here? It's in effect a site-to-site VPN, so I "thought" it would be transparent to the head office router and this would just let it through.
Hope that makes sense.
Hello @ForgetItNet,
Thank you for reaching out.
As per my understanding you have configured
Please share more information regarding this issue:
Do you have the remote networks in the routing table?
Can you ping router A from Sites B and C?
I can ping everything on B and C from A, but nothing B to C or vice versa.
Hi @ForgetItNet
To answer your question: to allow communication between spoke B and spoke C, we would need end-to-end reachability via a hub. Policy and route are supposed to be available on spoke A to send the traffic to the hub and from the hub to spoke C, and vice versa.
To avoid the manual configuration, you can also plan for the ADVPN setup with dynamic routing.
Please follow the link below for your reference:
Regards
Priyanka
Thanks, I only want to allow these two devices between the sites at the moment, so is a Policy route the way to go to direct traffic from C to B and B to C?
Hi @ForgetItNet
Without a new tunnel between the spokes or a shortcut tunnel (in the case of ADVPN), the direct method will not be there.
In the spoke-hub-spoke case we do need route and policy at all the locations for end-to-end reachability.
Regards
Priyanka
Sorry, but when you say we need "route and policy", does this mean a policy route or is it a term for something else?
Thanks
Hi @ForgetItNet,
We need an appropriate IPv4 policy and a route pointing to the destination through the correct interface for it to work. This is applicable on both ends, hub and spokes.
Regards,
Vimala
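The requirement described above (a route and an IPv4 policy at the hub as well as at both spokes), as an added example that is not part of the original thread and is not Fortinet code: a simplified Python model, not FortiOS configuration, that traces a packet hop by hop and reports the first device that drops it. The interface names, the /24 prefixes and the `LINKS` table are assumptions; only the two CCTV host addresses come from the thread.

```python
import ipaddress as ip

# Simplified model, not FortiOS config. Interface names and /24 prefixes are
# assumptions; only the two host addresses come from the thread.
LINKS = {("B", "to_hub"): ("A", "to_B"), ("A", "to_B"): ("B", "to_hub"),
         ("C", "to_hub"): ("A", "to_C"), ("A", "to_C"): ("C", "to_hub")}
SCREEN, DVR = "192.168.0.22", "192.168.20.22"

def device(routes, policies):
    return {"routes": [(ip.ip_network(n), i) for n, i in routes],
            "policies": [(s, d, ip.ip_network(sn), ip.ip_network(dn))
                         for s, d, sn, dn in policies]}

def spoke(lan_net, remote_nets):
    # A spoke routes every remote prefix into its tunnel to the hub.
    routes = [(lan_net, "lan")] + [(n, "to_hub") for n in remote_nets]
    return device(routes, [("lan", "to_hub", lan_net, "0.0.0.0/0"),
                           ("to_hub", "lan", "0.0.0.0/0", lan_net)])

def build(hub_allows_spoke_to_spoke):
    b, c, a = "192.168.0.0/24", "192.168.20.0/24", "192.168.10.0/24"
    # Hub LAN <-> each spoke is allowed, matching "A can ping B and C".
    hub_pol = [("lan", "to_B", a, b), ("lan", "to_C", a, c),
               ("to_B", "lan", b, a), ("to_C", "lan", c, a)]
    if hub_allows_spoke_to_spoke:  # only the two CCTV hosts, both directions
        hub_pol += [("to_B", "to_C", SCREEN + "/32", DVR + "/32"),
                    ("to_C", "to_B", DVR + "/32", SCREEN + "/32")]
    return {"A": device([(a, "lan"), (b, "to_B"), (c, "to_C")], hub_pol),
            "B": spoke(b, [a, c]), "C": spoke(c, [a, b])}

def trace(devs, start, src, dst):
    """Walk src -> dst hop by hop; return 'delivered' or the first failure."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    node, in_if = start, "lan"
    for _ in range(8):  # hop limit guards against routing loops
        matches = [(n, i) for n, i in devs[node]["routes"] if dst in n]
        if not matches:
            return f"{node}: no route to {dst}"
        out_if = max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix
        if not any(s == in_if and d == out_if and src in sn and dst in dn
                   for s, d, sn, dn in devs[node]["policies"]):
            return f"{node}: no policy {in_if}->{out_if}"
        if out_if == "lan":
            return "delivered"
        node, in_if = LINKS[(node, out_if)]  # cross the tunnel to the peer
    return "hop limit exceeded"
```

With `build(False)` the trace stops at the hub even though both spokes are fully configured, which is the symptom reported in the thread; `build(True)` adds only the two host-to-host hub policies and the path completes in both directions.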
We need a policy route which allows you to specify an interface to route traffic.
If proper routing and a correct hub-and-spoke configuration are in place, your issue should be solved.
Please check this document as it might help with your understanding: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implement-Hub-and-Spoke-or-point-to-multip...
ADVPN with BGP