Dear All
Good Afternoon.
I have two FortiGate 60Ds, one in HK and one in China.
Only HK has an AD and RADIUS server. I formed a site-to-site VPN between these two FortiGates and want both of them to be able to connect to the AD to get the LDAP and RADIUS data; however, I notice that I cannot access the AD and RADIUS from the FortiGate itself, but the subnet behind it can. How can I let the FortiGate access the AD server via the VPN itself? Thanks.
One more thing: I want CN users accessing the HK website to automatically go through the HK FortiGate via VPN, and HK users accessing the CN website to automatically go through the CN FortiGate via VPN. Does FortiGate have some pool that lets me set a policy to do this? Thanks.
hi,
and welcome to the forums.
I think you need to specify the source address of the 'system' (= the FGT itself) so that it's correctly routed through the tunnel. In the CLI, check 'config user ldap' to see if there is a 'set source' parameter (either by typing 'set ?' or by looking it up in the CLI Reference). Set the source IP address to the FGT's internal port address. This should enable system traffic through the tunnel.
Please specify the version of FortiOS your FGTs are using.
Your second question is a bit unclear to me. For users on the local subnet, access to the remote subnet behind the tunnel is transparent, that is, 'auto' if I understand you correctly. For this to happen, you need a policy from the local LAN to the tunnel interface allowing such traffic. On the remote FGT the same applies: you need a mirror policy for the other direction.
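As an added illustration of the suggestion above (example configuration, not part of the original reply), this is what the relevant CLI on the China-side unit, FGT B, could look like on FortiOS 5.6 so that authentication traffic generated by the FGT itself is sourced from its internal port address and therefore routed into the tunnel. Every address and name here is an assumption: 10.20.1.1 is FGT B's internal port address, 10.10.1.10 is the AD/LDAP/RADIUS server behind FGT A in HK, `HK-AD` and `HK-RADIUS` are arbitrary server object names, and the DN, bind account, passwords and shared secret are placeholders.

```fortios
# Assumed addresses (example only):
#   10.20.1.1  = FGT B internal port address, used as the source for system traffic
#   10.10.1.10 = AD / LDAP / RADIUS server behind FGT A in HK, reached via the tunnel

config user ldap
    edit "HK-AD"
        set server "10.10.1.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=fgt-bind,cn=Users,dc=example,dc=com"
        set password "<bind-password>"
        set source-ip 10.20.1.1
    next
end

config user radius
    edit "HK-RADIUS"
        set server "10.10.1.10"
        set secret "<shared-secret>"
        set source-ip 10.20.1.1
    next
end

# Verify from the FGT B CLI that the unit itself reaches the server when it
# sources from the internal address, then test the server objects directly.
execute ping-options source 10.20.1.1
execute ping 10.10.1.10
diagnose test authserver ldap HK-AD <test-user> <test-password>
diagnose test authserver radius HK-RADIUS pap <test-user> <test-password>
```

Two things to check alongside this, both assumptions about a typical setup rather than something stated in the thread: the phase 2 selectors on both ends have to cover 10.20.1.1 (they do if the internal port address lies inside the LAN subnet already carried by the tunnel), and FGT A needs a firewall policy from the tunnel interface to its internal interface that permits 10.20.1.1 to reach the server on the LDAP (389/636) and RADIUS (1812/1813) ports. If the ping with the explicit source succeeds but the authserver test fails, the policy or the server-side firewall is the usual culprit; if the ping itself fails, the selectors or routing on FGT B are.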
Hello.
Both firmware versions are v5.6.2 build1486 (GA). The FGT is in the route of the subnet; do I add a duplicate route to it? (If yes, I have tried and it seems it cannot connect: adding the peer FGT B address in the route on FGT A, which has the AD.)
For the second question, I am not talking about the FGT A segment going to the FGT B segment. I want FGT A (Hong Kong) PCs to access China websites (not internal) via VPN, and FGT B (China) PCs to access Hong Kong websites (not internal) via VPN.
Copyright 2024 Fortinet, Inc. All Rights Reserved.