Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Remote IPSec to Sub-Site


We have successfully set up IPSec FortiClient together with the relevant policies. We have 3 sites in all and all users connect to the main site.

Our next plan is to allow users who connect to the main site to be able to connect to servers/services on the remote sites. How can we achieve this when users are connected via FortiClient?

The only issue I currently have is that the VPN wizard created a tunnel interface for the main site but I don't know if I need to create a tunnel interface in the sub-sites as well. If yes (which I assume so), do I need to point the main site tunnel interface to the remote IP tunnel or firewall policies should be enough? Thank you

Hi @jabal,


I believe you want to allow remote access VPN clients at the main site to access remote site via site to site VPN tunnel. You need to add a phase2 selectors and create firewall policies to allow the traffic. This link has similar scenario:



Top Kudoed Authors