Hello everyone,
I need your opinions and experience to help me with my design. Here is my architectural diagram.
I want VLAN10 from site A to be able to join VLAN10 from site B. Same for VLAN20 and VLAN30.
I also want each VLAN to be able to join the internet.
And finally, I also want VLAN10, 20, 30 to be able to join together, via the Fortigate filtering rules.
What is the best way to get there?
Thanks for your help!
VXLAN over IPsec is the typical Forti-solution for extending L2 over a VPN.
You can start here: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38079/vxlan
I tried following this documentation: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/821119/vxlan-over-ipsec-tunn...
But I'm stuck at step 6: set member "port1" "vxlan".
Unable to add my port1 in my virtual-wire-pair. I can't understand why...
To fix this, you will most likely need to remove all references to port1 (i.e. delete existing policies).
But you probably don't want to do this with VWP. I would expect that implementation with a virtual switch is more universal and useful for customers.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/247006/vxlan-over-ipsec-usin... This doc is better, but you need to ignore the Hub-and-spoke setup and do it for a simple site-to-site.