I have two networks at either end of an IPsec VPN; we'll call them the Workstation and Server networks.
I have a Windows Deployment Services server that is currently in the Workstation network (to provide BitLocker Network Unlock to the workstations). Due to licensing, I need the WDS server to be hosted in the Server network instead.
If I simply moved it there, it would no longer be in the same broadcast domain as the workstations, and they wouldn't be able to contact it at boot time for network unlocks.
What's the best way to put a remote server into the local broadcast domain?
Never knew that. Given the local side doesn’t know, surely it’s safer for OP to assume that it’s got a broadcast and network ID?
I’m also surprised that it works like this - given it doesn’t know, I’d think it would lock those two addresses to be safe.
Hello @o1nder ,
You can achieve this request with the VXLAN feature.
VXLAN works like an extended broadcast domain via IPsec. You can use the same subnet and broadcast domain on a remote site.
You can review this document for more information about VXLAN.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38079/vxlan
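
A sketch of the Workstation-side half of the VXLAN-over-IPsec setup suggested in the reply above, added here as an illustration and not taken from the thread or copied from the linked guide. The interface names (`to-server`, `port2`), the object names, the VNI and the remote address are assumptions; the `#` lines are annotations to drop before pasting.

```fortios
# Workstation-side FortiGate. Mirror this on the Server-side unit with its
# own interface names and the Workstation side's address as remote-ip.

config system vxlan
    edit "vxlan-ws"
        # Assumed name of the existing IPsec tunnel interface. Binding the
        # VXLAN to it keeps the encapsulated frames inside the encrypted
        # tunnel; VXLAN itself provides no authentication or encryption.
        set interface "to-server"
        # Assumed VNI; it must be identical on both ends.
        set vni 1000
        # Placeholder address of the VXLAN endpoint at the far end of the tunnel.
        set remote-ip "10.255.255.2"
    next
end

config system switch-interface
    edit "sw-ws"
        set vdom "root"
        # Bridges the local workstation LAN port (assumed to be port2) with
        # the VXLAN interface so both sites share one broadcast domain.
        set member "port2" "vxlan-ws"
    next
end
```

A physical port can only join the software switch once it has no IP address or policy references of its own, so the subnet's gateway address moves to the switch interface. VXLAN adds about 50 bytes of headers to every frame, so check the path MTU across the tunnel before relying on it for boot-time traffic.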