Hi,
i want to hide my local FortiGate IP with remote PF_Sense located in Germany. i already created the tunnel between them and the tunnel is up, moreover i also configured Central NAT for IPsec tunnel policy and allowed NAT. I need my local site users to use public IP of remote firewall, what is the possible solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @Aadar-Soomro,
If you have Central NAT policy applied to the outbound IPsec traffic your local IP would not be visible on the remote firewall as it would be natted with outgoing interface or IP-POOL based on the configuration.
But i need to reflect public IP of remote PF sense on local users system as their public IP. it is my organization requirement.
That means you have two requirements:
1. hide the local IPs from remote (Germany) side.
2. route local users' internet traffic through the remote (Germany) and use the remote public IP.
For 2, you need to set a default route into the tunnel on the local side by excluding the peer IP (the /32 on Germany end).
Toshi
No dont want to hide my IP's to remote side, the case is simple i want to hide my site 1 local users public ip and to replace it remote PF-sense public IP
Then you don't have to NAT the tunnel traffic. Just need to implement No.2.
Toshi
i have already disabled NAT while configuring tunnel
Dear parth. Actually the requirement is to hide site 1 users public ip and to replace them with remote pf sense public ip located in germany. I have already established vpn tunnel between site1 fortigate and site 2 pfsense. And no NAT is between them. But instead of getting public IP of remote firewall i am getting fortigate public ip at site 1
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.