I'm a newbie here. I have a WAN IP and public IPs from my ISP. I want to use the FortiGate as the network firewall (directly connected to the ISP WAN) to pass all remote connections. Behind that FortiGate firewall are different firewalls (Cisco, FortiGate) for different networks that handle their own VPN connections. How do I configure the FortiGate to pass all the traffic from remote connections through to their own VPNs?
To do that you need either an additional public subnet from your ISP for the LAN side of the outside FGT, or tricky VIPs to forward all VPN traffic to the VPN FWs' local/private IPs. I say tricky because you need to use source filters to identify which VPN goes to which FW, which breaks when the source IP changes. I definitely prefer the former, which can be done even by a simple router, and moving the FW features to the VPN FWs, which simplifies routing the traffic coming/going over the VPNs.
I have a WAN IP and 5 public IPs that are given by the ISP. I'm planning on assigning the 5 public IPs to the local VPN FWs and having the outside FGT as the GW for those public IPs, passing through all remote sessions, so essentially the FW is being used as a router. Do I need to create policies to allow all traffic from the internet/remote sessions?
Nothing can pass through a FW without a policy. It doesn't matter if it's VPN or regular internet traffic.
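As an added illustration of the routed option described above (not configuration from the original thread or from Fortinet documentation), here is what the outside FortiGate needs at minimum: the ISP-provided public subnet assigned on the inside interface, and firewall policies in both directions that let the IPsec control and data traffic (IKE and ESP) reach the inner VPN firewalls without NAT. The interface names, the subnet 203.0.113.0/29 and the policy names are constructed placeholders; "IKE" and "ESP" are FortiOS predefined services.

```text
# Constructed example in FortiOS CLI syntax. Assumes the ISP routes the
# public /29 (203.0.113.0/29, documentation range) to the WAN IP of this
# FortiGate, and that the inner VPN firewalls take 203.0.113.2 - .6.

# 1. Put the public subnet on the inside interface, so the outside FGT is
#    the default gateway for the inner VPN firewalls.
config system interface
    edit "internal"
        set ip 203.0.113.1 255.255.255.248
        set allowaccess ping
    next
end

# 2. Address object for the inner VPN firewalls' public IPs.
config firewall address
    edit "vpn-fw-public-subnet"
        set subnet 203.0.113.0 255.255.255.248
    next
end

# 3. Inbound policy: remote VPN peers on the internet reaching the inner
#    firewalls. Only IKE (UDP 500/4500) and ESP are allowed; NAT stays
#    disabled (the default) so the inner firewalls keep their public IPs.
config firewall policy
    edit 0
        set name "inbound-vpn-to-inner-fws"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vpn-fw-public-subnet"
        set action accept
        set schedule "always"
        set service "IKE" "ESP"
        set logtraffic all
    next
    # 4. Outbound policy: inner firewalls initiating tunnels or replying to
    #    peers. Again no NAT, so return traffic is routed straight back.
    edit 0
        set name "inner-fws-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "vpn-fw-public-subnet"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Because no VIP or NAT is involved, nothing depends on the remote peers' source addresses, which is the fragility of the VIP-with-source-filter approach. Keeping the inbound service list to IKE and ESP (add HTTPS or the SSL VPN port only if an inner firewall terminates SSL VPN) and logging both policies gives the outside box a clear record of every tunnel set-up attempt that reaches the inner firewalls.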
Sounds like you're doing a stacked outer/inner firewall. Yes, you need a policy; even an ANY policy would work, but I would not see the benefit of doing this if you're running two firewalls. It would be a wash or a waste imho.
Ken Felix
PCNSE
NSE
StrongSwan
Agreed. You can't do anything with the tunnel traffic from a firewall perspective aside from throttling it or flat out denying/allowing traffic. I would just go with a (not too) cheap switch.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com