I have a site-to-site link between two offices and I need to force one VLAN from site A to use site B as its gateway for internet access. Currently the site-to-site link allows devices from either network (including other VLANs) to communicate with each other, but they use their home firewall for internet access. I need this one site A VLAN to go out site B's firewall for internet access.
Hello,
I think that policy route may work in your scenario:
Hello,
Similar scenario is described in the KB below:
It looks like they are using a newer firmware than my FW has. I see they are adding a second Phase 2 selector. How can I do that in v. 5.2?
Hello,
In case it is not available in GUI you can try to add it in CLI:
config vpn ipsec phase2-interface
    edit <name>
    next
end
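As an added worked example (not from the KB or from any reply in this thread), here is what the complete configuration for the scenario could look like on both FortiGates, using the subnets given later in the thread. Everything below is an assumption for illustration: the tunnel interface is assumed to be named "SiteB-VPN" on the site A FortiGate and "SiteA-VPN" on the site B FortiGate (the phase1 names are assumed to match), the VLAN interface is assumed to be "vlan10" with subnet 192.168.10.0/24, the site B internet interface is assumed to be "wan1", and 2.2.2.2/2.2.2.3 are used only as point-to-point addresses on the tunnel interfaces so that the policy route has a next hop to reference. Lines starting with "#" are annotations, not CLI. Exact option syntax differs between FortiOS releases, so check each command against the 5.2 CLI reference before pasting.

```text
# ===== Site A FortiGate (VLAN 192.168.10.0/24 lives here) =====

# Second phase 2 selector: VLAN 10 to anywhere. The existing
# LAN-to-LAN selector stays as it is.
config vpn ipsec phase2-interface
    edit "SiteB-VPN-internet"
        set phase1name "SiteB-VPN"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Placeholder point-to-point addresses on the tunnel interface,
# used only as the policy route gateway below.
config system interface
    edit "SiteB-VPN"
        set ip 2.2.2.2 255.255.255.255
        set remote-ip 2.2.2.3
    next
end

# Default route via the tunnel with a worse priority than the WAN
# default route, so normal traffic still uses the local WAN but the
# policy route has a matching route through the tunnel.
config router static
    edit 10
        set dst 0.0.0.0 0.0.0.0
        set device "SiteB-VPN"
        set distance 10
        set priority 20
    next
end

# Policy route: only VLAN 10 is pushed into the tunnel.
config router policy
    edit 1
        set input-device "vlan10"
        set src 192.168.10.0 255.255.255.0
        set dst 0.0.0.0 0.0.0.0
        set output-device "SiteB-VPN"
        set gateway 2.2.2.3
    next
end

config firewall address
    edit "VLAN10-net"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# Allow VLAN 10 into the tunnel (no NAT at this end).
config firewall policy
    edit 100
        set srcintf "vlan10"
        set dstintf "SiteB-VPN"
        set srcaddr "VLAN10-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# ===== Site B FortiGate (breakout firewall) =====

# Mirror image of the new selector.
config vpn ipsec phase2-interface
    edit "SiteA-VPN-internet"
        set phase1name "SiteA-VPN"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
end

config system interface
    edit "SiteA-VPN"
        set ip 2.2.2.3 255.255.255.255
        set remote-ip 2.2.2.2
    next
end

# Return route so replies for VLAN 10 go back through the tunnel.
config router static
    edit 11
        set dst 192.168.10.0 255.255.255.0
        set device "SiteA-VPN"
    next
end

config firewall address
    edit "SiteA-VLAN10-net"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# Tunnel to WAN with source NAT, so VLAN 10 leaves with site B's
# public address.
config firewall policy
    edit 101
        set srcintf "SiteA-VPN"
        set dstintf "wan1"
        set srcaddr "SiteA-VLAN10-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Two things commonly break this setup: the new phase 2 selector only comes up when traffic matching it is sent, so check it with `diagnose vpn tunnel list` after generating traffic from a VLAN 10 host; and if site B still has a policy that only allows tunnel traffic to its own LAN, the tunnel-to-wan1 policy with NAT must be added explicitly, otherwise site B silently drops the internet-bound packets. `get router info routing-table all` on site A should show both default routes, with the WAN one marked as the active one.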
What would be the other commands to complete those steps? I apologize for the additional questions.
Hi @dholton912,
You can refer to this CLI reference of 5.2 for more information https://docs.fortinet.com/document/fortigate/5.2.0/cli-reference
I apologize for the multiple questions, but I have added the additional selectors on both sides. I have the policies in place. I put the 0.0.0.0 static route in, but I still cannot browse to the internet from this VLAN. I'm just really lost as to my issue. I don't need my entire network passing through for remote browsing, just this one VLAN.
I also noticed that in the default route section they are adding a 0.0.0.0 route. Will my situation be different, since I only want one VLAN to pass through the VPN for internet access? For example, the main subnet would be 192.168.1.0/24 and the VLAN subnet would be 192.168.10.0/24. I would only want the 192.168.10.0/24 network to pass through for internet access; the main subnet would use the internet locally. Thanks!
Also, the setting of IPs on the tunnel interface is confusing to me. It shows them being set as 2.2.2.2 and 2.2.2.3. Are these just fillers? Where should these IPs come from?