sGTester
New Contributor

Full Mesh VPN - Looking for Guidance

Hello, I'm hoping that someone can help point me in the right direction (or provide a simple example) for what I need to do.

 

I am looking to do the following:

 

- Set up a Mesh VPN between 3 sites. Main site has 2 60D devices in HA and has VPN tunnel to Azure. Other sites have only 1 60D. Single ISP in all sites.

- Need to limit traffic across VPN to some subnets only.

- Need to restrict some subnets to communication in one direction.

- Need to route traffic to Azure from other sites via Main site.

 

OCVPN not an option at this time.

 

Thanks in advance.

emnoc
Esteemed Contributor III

1: route-based

2: dynamic routing protocol

3: For controlling traffic, that's the job of the fw-policy-id; adjust the service and src/dst address and allow only that traffic

4: As far as routing all traffic back to main to get to Azure, ensure that remote subnets at sites with 1x 60D are included in the Azure VPN setup

 

Ken Felix

PCNSE NSE StrongSwan
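
The approach in the reply above (route-based tunnel, with firewall policies deciding which subnets cross it and in which direction), sketched as an added FortiOS CLI example that is not from either poster. It assumes a route-based tunnel interface named "to-main" already exists on a spoke; every name, subnet, ID and interface below is constructed, and the static route is a stand-in for the dynamic routing protocol the reply suggests. Lines starting with `#` are annotations.

```fortios
# Spoke site (single 60D). All names, subnets, interfaces and IDs are constructed.
config firewall address
    edit "siteB-servers"
        set subnet 10.2.10.0 255.255.255.0
    next
    edit "main-mgmt"
        set subnet 10.1.50.0 255.255.255.0
    next
    edit "azure-vnet"
        set subnet 10.100.0.0 255.255.0.0
    next
end
# Azure is reached through the Main site tunnel (static stand-in for dynamic routing).
config router static
    edit 10
        set dst 10.100.0.0 255.255.0.0
        set device "to-main"
    next
end
# One-direction rule: Main may open sessions to the servers; there is no reverse
# policy, so the servers cannot initiate toward Main (replies ride the session).
config firewall policy
    edit 10
        set name "main-mgmt-to-siteB-servers"
        set srcintf "to-main"
        set dstintf "internal"
        set srcaddr "main-mgmt"
        set dstaddr "siteB-servers"
        set action accept
        set schedule "always"
        set service "SSH" "HTTPS"
    next
    edit 20
        set name "siteB-servers-to-azure"
        set srcintf "internal"
        set dstintf "to-main"
        set srcaddr "siteB-servers"
        set dstaddr "azure-vnet"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Any subnet pair without a matching policy falls through to the implicit deny, which is what limits the VPN to the listed subnets. The Main site needs the mirror-image policies between its spoke tunnel and its Azure tunnel, with the spoke subnets included in the Azure VPN setup as point 4 of the reply says.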
sGTester
New Contributor

Thank you for the reply.

I will take your suggestions.

 

By the way, do you have any opinion on whether I should use the wizard (with ADVPN) for the mesh setup, or should I do it manually?
