Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Hub and Spoke Topology Not Working as Expected



I've built a Hub-and-Spoke lab as I need to deploy SD-WAN, which is my ultimate goal here. The configuration went smooth with no issues I can remember. However, after the configuration is complete, and BGP is up, the spokes are not able to reach each other. I tried troubleshooting, and found that the Hub is not passing the traffic. Below is my topology on EVE/PNet




I'm not sure where the issue is. But the firewalls doesn't pass the traffic through the tunnels!


I need to get SD-WAN fully running here.


All 3 firewalls are running the same version: FortiOS-VM64-KVM v7.2.4,build1396,23013 (GA.F).


For the IPSec Tunnels, I created the tunnels using the wizard using the Hub-and-Spoke Template


I'm really not sure what is missing here.

1 Solution

Hello @mauromarme ,


I've got it to work in Hub-and-Spoke deployment after I changed the image I was using.


Seems that the FOS Image doesn't pass traffic. I changed to the FGT with trial license, and it worked with me. Time to work on the SD-WAN and see the outcome. It might take some time to work on it.

View solution in original post


hi @islam_nadim ,

Do you mind to share you HUB VPN configuration screenshot?

New Contributor

First of all if you are thinking happened config failed:
I think you should check this all steps again,
1- How did you do ipsec tunnel for hub and spoke devices:
Is these true ? tunnel ip address, local subnets, and AS numbers.
2- Is it true interfaces of devices (wan port) and wan ip address for tunnels.
3- Spoke devices should announce networks (local subnets) with BGP.
4- You can check on BGP portal , can you see neighbors? you should see ip address and remote AS of spokes. ( maybe it didnthappen)

New Contributor III

Hi, configuration is correct. BGP is running fine .. The issue was in the image of the Fortigate itself. After changing it, everything worked as expected.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors