Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ThePro
New Contributor III

FortiClient - Access to HQ and Branch

Is it possible to connect to HQ via FortiClient and have access to both the HQ and Branch subnets (theres a Site-to-Site IPSec VPN between the HQ/Branch Fortis)?

1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Probably about every month, this same question pops up at the forum, although it's hard to search since people use different terms to describe the same thing.

 

By assuming it's a dialup IPsec or tunnel mode SSL VPN from the Forticlient(FC), yes, of course it's possible. It works just like "hub and spoke" arrangement. You need to take care of three things:

1) routing from/to the FC client source IP to/from the destination IP at the branch on the other side of site-to-site VPN, including split tunnel at the client if it's split.

2) Pase2 selectors on the site-to-site need to cover the source/destination combinations above.

3) policies on botrh FGTs allow the traffic

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors