FortiGate Incoming Interface and Outgoing Interface can be same in case of VPN Zone

Aliz · ‎11-10-2022

Hello all,

I have created the VPN Zone with 10 IPSec Tunnels.

now I need to create a policy between 1 IPSec VPN to multiple IPSec VPNs within the same VPN Zone, But with different Sources and Destinations.

Just a Query

Could you please help troubleshoot this issue?

Thanks in advance.

Regards,

Aliz Shrestha

Toshi_Esumi · ‎11-10-2022

Once you put those VPN interfaces into a single zone, you can not specify individual VPN interfaces as source or destination interface of policies. However, you can still create policies between zone1<-->zone1 specifying source address and destination address.

You just need to make sure you allow intra-zone traffic in the zone config. Then you can control traffic between src/dst addresses.

Toshi

View solution in original post

Toshi_Esumi · ‎11-10-2022

Once you put those VPN interfaces into a single zone, you can not specify individual VPN interfaces as source or destination interface of policies. However, you can still create policies between zone1<-->zone1 specifying source address and destination address.

You just need to make sure you allow intra-zone traffic in the zone config. Then you can control traffic between src/dst addresses.

Toshi

Aliz · ‎11-10-2022

Hello Toshi,

Thank you for the information.

Regards,

Aliz Shrestha

FortiGate Incoming Interface and Outgoing Interface can be same in case of VPN Zone

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website