Is it possible to connect to HQ via FortiClient and have access to both the HQ and Branch subnets (there's a Site-to-Site IPSec VPN between the HQ/Branch Fortis)?
Probably about every month, this same question pops up at the forum, although it's hard to search since people use different terms to describe the same thing.
Assuming it's a dialup IPsec or tunnel mode SSL VPN from the FortiClient (FC), yes, of course it's possible. It works just like a "hub and spoke" arrangement. You need to take care of three things:
1) routing from/to the FC client source IP to/from the destination IP at the branch on the other side of site-to-site VPN, including split tunnel at the client if it's split.
2) Phase2 selectors on the site-to-site need to cover the source/destination combinations above.
3) policies on both FGTs allow the traffic
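
The three checks listed above, written as an added example that is not part of the original forum reply: a small Python model that reports which of them still blocks traffic from the FortiClient address pool to the branch LAN. The subnets, dictionary keys and function names are constructed for illustration; this is a simplified model and does not parse FortiOS configuration.

```python
from ipaddress import ip_network as net

# Constructed sample addressing (assumptions, not taken from the thread)
POOL = net("10.212.134.0/24")       # addresses handed to FortiClient users
HQ_LAN = net("192.168.1.0/24")
BRANCH_LAN = net("192.168.2.0/24")

def covers(pairs, src, dst):
    """True if one (src, dst) pair contains the whole flow src -> dst."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in pairs)

def find_gaps(cfg):
    """Return what still blocks client-initiated pool -> branch traffic."""
    gaps = []
    # 1) routing, including the split tunnel list (None means full tunnel)
    split = cfg["split_tunnel"]
    if split is not None and not any(BRANCH_LAN.subnet_of(n) for n in split):
        gaps.append("client split tunnel lacks branch LAN")
    if not any(POOL.subnet_of(n) for n in cfg["branch_tunnel_routes"]):
        gaps.append("branch has no route to client pool via the tunnel")
    # 2) phase2 selectors, seen from each end of the site-to-site tunnel
    if not covers(cfg["hq_phase2"], POOL, BRANCH_LAN):
        gaps.append("HQ phase2 selectors miss pool -> branch")
    if not covers(cfg["branch_phase2"], BRANCH_LAN, POOL):
        gaps.append("branch phase2 selectors miss branch -> pool")
    # 3) policies on both FGTs (stateful, so the forward direction is enough)
    if not covers(cfg["hq_policies"], POOL, BRANCH_LAN):
        gaps.append("HQ policy does not allow pool -> branch")
    if not covers(cfg["branch_policies"], POOL, BRANCH_LAN):
        gaps.append("branch policy does not allow pool -> branch")
    return gaps

# Typical starting point: the site-to-site VPN only knows the two LANs
LAN_ONLY = {
    "split_tunnel": [HQ_LAN], "branch_tunnel_routes": [HQ_LAN],
    "hq_phase2": [(HQ_LAN, BRANCH_LAN)], "branch_phase2": [(BRANCH_LAN, HQ_LAN)],
    "hq_policies": [(HQ_LAN, BRANCH_LAN)], "branch_policies": [(HQ_LAN, BRANCH_LAN)],
}
# Same setup after adding the client pool in all three places
EXTENDED = {
    "split_tunnel": [HQ_LAN, BRANCH_LAN], "branch_tunnel_routes": [HQ_LAN, POOL],
    "hq_phase2": [(HQ_LAN, BRANCH_LAN), (POOL, BRANCH_LAN)],
    "branch_phase2": [(BRANCH_LAN, HQ_LAN), (BRANCH_LAN, POOL)],
    "hq_policies": [(HQ_LAN, BRANCH_LAN), (POOL, BRANCH_LAN)],
    "branch_policies": [(HQ_LAN, BRANCH_LAN), (POOL, BRANCH_LAN)],
}

if __name__ == "__main__":
    for name, cfg in (("LAN_ONLY", LAN_ONLY), ("EXTENDED", EXTENDED)):
        print(name, find_gaps(cfg) or "no gaps")
```
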
Copyright 2024 Fortinet, Inc. All Rights Reserved.