islam_nadim
New Contributor III

Hub and Spoke Topology Not Working as Expected

Hello,

I've built a Hub-and-Spoke lab as I need to deploy SD-WAN, which is my ultimate goal here. The configuration went smoothly, with no issues I can remember. However, after the configuration was complete and BGP was up, the spokes were not able to reach each other. I tried troubleshooting and found that the Hub is not passing the traffic. Below is my topology on EVE/PNet.

[Image: Topology.png]

I'm not sure where the issue is, but the firewalls don't pass the traffic through the tunnels!

I need to get SD-WAN fully running here.

All 3 firewalls are running the same version: FortiOS-VM64-KVM v7.2.4,build1396,23013 (GA.F).

For the IPsec tunnels, I created the tunnels with the wizard, using the Hub-and-Spoke template.

I'm really not sure what is missing here.

1 Solution
islam_nadim

Hello @mauromarme,

I've got it to work in Hub-and-Spoke deployment after I changed the image I was using.

It seems that the FOS image doesn't pass traffic. I changed to the FGT with a trial license, and it worked for me. Time to work on the SD-WAN and see the outcome. It might take some time to work on it.

Muhammad_Haiqal

Hi @islam_nadim,

Do you mind sharing your HUB VPN configuration screenshot?

haiqal
Nebula1
New Contributor

First of all, if you think the configuration failed, I think you should check all of these steps again:
1- How did you set up the IPsec tunnel for the hub and spoke devices? Are these correct: tunnel IP address, local subnets, and AS numbers?
2- Are the device interfaces (WAN port) and the WAN IP addresses for the tunnels correct?
3- Spoke devices should announce networks (local subnets) with BGP.
4- You can check on the BGP portal: can you see neighbors? You should see the IP address and remote AS of the spokes (maybe it didn't happen).

islam_nadim
New Contributor III

Hi, the configuration is correct. BGP is running fine. The issue was in the image of the FortiGate itself. After changing it, everything worked as expected.

syeedkazmi
New Contributor

Hi All,

I have the same issue, where the Hub is able to communicate with the Spokes and vice versa, but Spoke-to-Spoke communication is not working. When I checked, the routes for the other spoke are not available on the Spoke; only the routes of the Hub are advertised.
