osaleem2_10
New Contributor II

Ipsec vpn hub and spoke

Hi,

 

I have HQ with 2 WAN Int, one is a public IP, and 4 branches as Spokes with no public IP.

 

I have built SD-WAN in my HQ to do Load sharing. Now I want to let the spokes connect with the HQ to reach some services.

 

1- Is the right VPN dial-up hub and spoke?

2- Should I build the VPN from the SD-WAN wizard, or is there no need and I can build it as normal from a VPN IPsec tunnel?

3- If I want spokes to communicate with each other, what should I do extra? Is it only adding routing and a security policy? Or do I have to change the VPN type?

OSALEEM2_10
Anthony_E
Community Manager

Hello Osaleem,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

To set up an IPsec VPN in a hub-and-spoke configuration:

  1. Network Topology: Identify the central device (Hub) and remote devices (Spokes). Ensure the hub is connected to the Internet and each spoke connects to the hub through the Internet.
  2. Hub Configuration: Configure the FortiGate unit as the hub. Set up IPsec VPN tunnels for each spoke. Use preshared keys for authentication. Define a VPN concentrator to manage the spokes.
  3. Spoke Configuration: For each spoke, configure phase 1 and phase 2 settings to establish a VPN tunnel with the hub. Set source and destination addresses for the networks behind the spokes and the hub. Create firewall encryption policies to enable communication between the spokes and the hub.
  4. VPN Tunnel Management: Ensure all VPN tunnels terminate at the hub. Manage traffic between spokes through the hub.
  5. Testing and Verification: Verify the VPN connections are established and functioning correctly. Test communication between the hub and each spoke, as well as between spokes if required.
Anthony-Fortinet Community Team.
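
An added example, not part of the original thread and not Fortinet code: a pre-deployment check in Python for the addressing in steps 3 and 4, showing what enabling spoke-to-spoke traffic adds on each spoke and on the hub. The site names and subnets are constructed, and it assumes one LAN prefix per site.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing plan (not from the thread): one hub LAN, four spoke LANs.
HUB = "10.0.0.0/24"
SPOKES = {
    "spoke1": "10.1.1.0/24",
    "spoke2": "10.1.2.0/24",
    "spoke3": "10.1.3.0/24",
    "spoke4": "10.1.4.0/24",
}

def find_overlaps(hub, spokes):
    """Return site-name pairs whose subnets overlap.

    Overlapping LANs make tunnel selection at the hub ambiguous, so fix
    these before building any tunnel.
    """
    nets = {"hub": ipaddress.ip_network(hub)}
    nets.update({name: ipaddress.ip_network(cidr) for name, cidr in spokes.items()})
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def spoke_destinations(hub, spokes, name, spoke_to_spoke):
    """Prefixes a spoke must send into its tunnel to the hub."""
    dests = [ipaddress.ip_network(hub)]
    if spoke_to_spoke:
        # Traffic to every other spoke also goes through the hub tunnel.
        dests += [ipaddress.ip_network(c) for n, c in spokes.items() if n != name]
    # Merge adjacent prefixes so the spoke carries as few entries as possible.
    return [str(n) for n in ipaddress.collapse_addresses(dests)]

def hub_flow_pairs(spokes, spoke_to_spoke):
    """Directed (source, destination) site pairs the hub has to permit."""
    names = sorted(spokes)
    pairs = [(s, "hub") for s in names] + [("hub", s) for s in names]
    if spoke_to_spoke:
        pairs += [(a, b) for a in names for b in names if a != b]
    return pairs

if __name__ == "__main__":
    print("overlaps:", find_overlaps(HUB, SPOKES))
    for spoke in sorted(SPOKES):
        print(spoke, "->", spoke_destinations(HUB, SPOKES, spoke, True))
    print("hub flows:", len(hub_flow_pairs(SPOKES, True)))
```

With four spokes, hub-only access needs 8 directed flows at the hub, while full spoke-to-spoke needs 20, which is the set to review against least privilege before permitting it.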