Hello guys,
I own a 600E appliance if it is relevant.
I would like to know several things regarding the IPSEC VPN:
1. When running the IPSEC wizard, it does generate rules that allow Remote_Subnet>Local_Subnet and Local_Subnet>Remote_Subnet.
My question is: if I delete these rules, will the tunnel go up when the other side configures the IPSEC VPN on his appliance?
Or maybe the FortiGate needs to have corresponding rules that allow traffic between the protected networks on both sides.
2. I configured an IPSEC VPN with a service provider, and for the protected networks, he told me to set up some public IP subnet, and not a private LAN subnet, so I configured his remote gateway with a public IP and his protected networks with a public IP range.
Can someone please explain why he would do this? I'm a little confused. Thanks for your help!
1. By default, if you don't specify some network selectors, it sets 0/0<->0/0 for both directions. You need to match the other end as well, then it should come up.
2. Service providers often use public subnets to ensure uniqueness of each customer's networks, or their specific service networks against others. They're just IP subnets and are no different from private ranges for routing with IPsec.
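
The selector matching described in the reply above, as an added example that is not part of the original thread. It assumes strict matching, where each side's local selector must equal the other side's remote selector, and all addresses are constructed documentation ranges (203.0.113.0/24 stands in for a provider's public protected network).

```python
import ipaddress

ANY = "0.0.0.0/0"  # selector used when none is specified (the 0/0 default)

def selector(local=None, remote=None):
    """Normalise one peer's selector pair; an unspecified side falls back to 0/0."""
    return (ipaddress.ip_network(local or ANY),
            ipaddress.ip_network(remote or ANY))

def explain(side_a, side_b):
    """List the mismatches between two peers' selectors (empty when mirrored)."""
    a_local, a_remote = side_a
    b_local, b_remote = side_b
    problems = []
    if a_local != b_remote:
        problems.append(f"A local {a_local} != B remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"A remote {a_remote} != B local {b_local}")
    return problems

def selectors_mirror(side_a, side_b):
    """True when A's local equals B's remote and A's remote equals B's local."""
    return not explain(side_a, side_b)

# Constructed sample peers (assumed values, not taken from the thread).
CUSTOMER = selector(local="10.10.0.0/24", remote="203.0.113.0/24")
PROVIDER = selector(local="203.0.113.0/24", remote="10.10.0.0/24")
CUSTOMER_DEFAULT = selector()  # nothing specified: 0/0 <-> 0/0

if __name__ == "__main__":
    cases = [
        ("explicit selectors on both sides", CUSTOMER, PROVIDER),
        ("customer left at 0/0 default", CUSTOMER_DEFAULT, PROVIDER),
        ("both sides left at 0/0 default", CUSTOMER_DEFAULT, selector()),
    ]
    for name, a, b in cases:
        issues = explain(a, b)
        print(f"{name}: {'match' if not issues else '; '.join(issues)}")
```

The public range is compared exactly like the private one; only the mirror relationship between the two peers matters.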