We would like to create a policy route to allow all users connected to an AP to route their internet traffic over a specific WAN port.
The AP is an aruba instant on connected to the same interal port as all clients, DHCP will be handled by the fortigate
How would we configure this? any help would be appreciated.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Does the wireless user receive a separate subnet IP address from the DHCP server? If yes, you can setup a policy route that specifies the source wifi user subnet and outgoing interface to the WAN interface, as shown in the following document.
Regards
Jamal Hussain
Thanks for your reply, on the Aruba we did test with NAT the Aruba then gives out a separate IP, the Aruba does not have a proper DHCP Server. its the Instant on Models.
This worked but the issue then is the Ipsec for these users don't work they are not able to access Hq via IPsec.. Not sure how to solve that.
Hi @Etiennet,
What does your policy route look like. It might be routing all traffic via WAN as policy route take precedence over static route. You can create another policy route to route traffic over IPsec tunnel if it matches HQ subnet.
Regards,
Hi @hbac
Thanks for your reply.
I have attached my Policy. in the Source addresses I added a test laptop and the Aruba AP.
The Aruba is now Natting the Devices that are connected to it. How would we allow those devices now to be able to access HQ via the IPsec?
Remote Site IP range 10.10.61.x
Devices connected to Aruba AO 10.10.65.x
Would really appreciate any help.
Hi @Etiennet,
You can create another policy route with destination=10.10.61.x and outgoing interface=IPsec tunnel.
Regards,
Thanks, but the 10.10.61.x range can already access the IPsec.
The issue is the NAT on the Aruba the 10.10.65.x range... They need to access the IPsec?
Hello Etiennet,
Kindly use the following article for this:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-the-firewall-Policy-Routes/ta-...
In this article, Port6 is your Desired WAN interface. Make sure you add the gateway address of the WAN interface in it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.