Hi,
I set up Site-to-Site vpn with policy-based-ipsec.
In this case, I can create outbound policy (aka, internal to wan with action IPSec), but not inbound policy (from vpn to internal).
I know that if I check "Allow traffic to be initiated from the remote site", the reverse session is allowed.
But I only need inbound policy.
How do I do this?
FW : Fortigate 40F
OS ver : 7.2.2
Regards,
Hi,
In the vpn policy from internal to wan, just keep inbound enabled and outbound disabled. This will only allow traffic initiated from peer site.
config firewall policy
    edit <>
        set action ipsec
        set inbound enable
        set outbound disable
        set vpntunnel < >
    next
end
best regards,
Jin
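Fleshing out Jin's inbound-only policy as an added example (not from this thread or from Fortinet): the interface, tunnel and address names are constructed, the outbound flag is disabled so only sessions initiated by the peer match, and it also shows the route-based form the original poster mentions, where the tunnel interface itself serves as the incoming interface.

```fortios
# Added example: constructed names (not from the thread). Tunnel "site-b",
# interfaces "internal"/"wan1", address objects for each LAN.
config firewall address
    edit "local-lan"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "remote-lan"
        set subnet 192.168.20.0 255.255.255.0
    next
end
# Policy-based IPsec: the policy is written internal -> wan with the local
# subnet as srcaddr; "inbound enable / outbound disable" means only sessions
# started by the remote site are matched (local hosts cannot initiate).
config firewall policy
    edit 10
        set name "vpn-inbound-only"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "local-lan"
        set dstaddr "remote-lan"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set vpntunnel "site-b"
        set inbound enable
        set outbound disable
    next
end
# Route-based alternative (phase1-interface creates tunnel interface "site-b",
# plus a static route for remote-lan via it): an ordinary accept policy from the
# tunnel interface, with no reverse policy, gives the same inbound-only result.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "site-b"
    next
end
config firewall policy
    edit 11
        set name "from-site-b-only"
        set srcintf "site-b"
        set dstintf "internal"
        set srcaddr "remote-lan"
        set dstaddr "local-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The two forms are alternatives on one device, not meant to coexist with the same tunnel name; policy-based IPsec must also be enabled under feature visibility for the ipsec action to appear.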
Created on 11-23-2022 04:37 PM Edited on 11-24-2022 02:49 AM
Hi, Jin.
Thank you for your reply.
I'm considering the following situation.
In this case, how should I configure it?
I know that route-based IPsec can do that because FortiGate creates a tunnel interface.
Regards,
Does anyone know?
To configure a firewall:
Go to Network Security > Firewall.
Select [IPv4 Policy | IPv6 Policy].
Click Add to display the configuration editor.
Complete the configuration as described in Table 66.
Save the configuration.
Reorder rules, as necessary.
Regards,
Rachel Gomez
Thank you for your reply.
I can't see the tunnel interface in "Incoming Interface" with policy-based VPN.
I can only create a policy from inside to outside (to use action VPN).
This does not fulfill my request.
Regards,