Hi,
I'm new with Fortigate and migrating from ASA world. I'm a little surprised that the fairly basic configuration causes difficulties even for vendor.
The question is: Does version 7.x support setup where traffic should travel from policy-based tunnel to policy-based tunnel and where the NAT should be used for source address. If so, is there any document to follow so that the implementation would be done correctly? Already found some articles but still wondering do I need VPN Concentrator config to enable traffic flow between tunnels?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Finally this was solved out. The main problem was conceptual. In Forti world you have to use route based type of setup instead of policy based even the another peer of tunnel is using policy based type of configuration. Overall this all was terminologically very confusing.
Hello @Hartza ,
VPN concentrator give you the option to create a hub and spoke VPN, used mainly in some distributed topologies, where you need to centralize resources and access them by a secure connection. And regarding the NAT as long as you are allowing that particular source addresses on other end of the policy-based tunnel. You don't need it
Finally this was solved out. The main problem was conceptual. In Forti world you have to use route based type of setup instead of policy based even the another peer of tunnel is using policy based type of configuration. Overall this all was terminologically very confusing.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.