Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Multiple local subnet interfaces for IPsec VPN

We have two FortiGates (100E & 200E) that we want to establish a VPN between. Both firewalls have a local VLANs configured (via FortiLink managed FortiSwitches). We want all VLANs communicate over the VPN.

When using the FG-FG VPN wizard, I have noticed I am required to choose a local subnet interface. In our case we want all our VLANs but this is not possible in the wizard.

What would you recommend? Perhaps I could create a zone but this would require I recreate all our firewall policies. Is this the preferred way?

Or maybe I should create the VPN using the custom wizard. I can't see a requirement for a local interface.



Esteemed Contributor III

I don't regularly use wizard/GUI but if you create a site-to-site for FGTs even when you specify for source and destination it seems to set "addr-type" to "name" instead of 0/0<->0/0.

Then you need to go to "custom", then the default selector set is 0/0<->0/0 so you don't have to change it. You just need to set proper routes and policies on both sides to allow all vlans to talk between them.

New Contributor III

Thanks mate.

Got the test scope going via the GUI custom wizard. I will do some performance testing before using for production traffic.

Top Kudoed Authors