Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate Site to Site VPN for Web Traffic Only

I have a pair of Fortigate 60F's, one is in the USA and one is in the UK.   I have a Site to Site VPN currently setup but it is a Split Tunnel so all of the web traffic goes through the respective ISP's.


What I want to do is force all of the UK Web traffic to go through the VPN to the US but allow all other traffic to go through the UK isp so I don't have the added latency.


Is there a way to dictate via policy that the traffic of a specific domain/website go over the VPN or even all http/https traffic go over the vpn while everything else is left alone?


I believe your requirement is to send only HTTP and HTTPS traffic over the IPsec tunnel. 

Under phase2 selectors, you can use Remote Port and Protocol options. Maybe this will help with your requirement. 



Inigo Mathew

It still wouldn't solve routing issue that there needs to be two default routes, one to the tunnel another to the wan interface. You need either policy routes or SD-WAN setup.



New Contributor

I'm being told by TAC that the Phase 2 Selectors have to be changed to show rather than the defined that everything goes through the tunnel and not just traffic that matches the remote subnet destinations.  Then some policy based entries.   Not sure if it'll work but i'm going to give it a try.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors