Hello,
I've built a Hub-and-Spoke lab as I need to deploy SD-WAN, which is my ultimate goal here. The configuration went smoothly with no issues I can remember. However, after the configuration is complete, and BGP is up, the spokes are not able to reach each other. I tried troubleshooting, and found that the Hub is not passing the traffic. Below is my topology on EVE/PNet.
I'm not sure where the issue is. But the firewalls don't pass the traffic through the tunnels!
I need to get SD-WAN fully running here.
All 3 firewalls are running the same version: FortiOS-VM64-KVM v7.2.4,build1396,23013 (GA.F).
For the IPSec Tunnels, I created the tunnels using the wizard using the Hub-and-Spoke Template.
I'm really not sure what is missing here.
Hello @mauromarme ,
I've got it to work in Hub-and-Spoke deployment after I changed the image I was using.
Seems that the FOS Image doesn't pass traffic. I changed to the FGT with trial license, and it worked for me. Time to work on the SD-WAN and see the outcome. It might take some time to work on it.
Hi @islam_nadim ,
Do you mind sharing your HUB VPN configuration screenshot?
First of all, if you think the configuration failed:
I think you should check all these steps again:
1- How did you set up the IPsec tunnel for the hub and spoke devices? Are these correct: tunnel IP address, local subnets, and AS numbers?
2- Are the interfaces of the devices (WAN port) and the WAN IP addresses for the tunnels correct?
3- Spoke devices should announce networks (local subnets) with BGP.
4- You can check on the BGP portal: can you see the neighbors? You should see the IP address and remote AS of the spokes (maybe it didn't happen).
Hi, the configuration is correct. BGP is running fine. The issue was in the image of the FortiGate itself. After changing it, everything worked as expected.
Hi All,
I have the same issue where the Hub is able to communicate with the Spokes and vice versa, but Spoke-to-Spoke communication is not working. When I checked, the routes for the other spoke are not available on the Spoke; only the routes of the Hub are advertised.