Hello everybody,
I have several FortiGate F60D/F60E firewalls worldwide and a central F200E configured as hub-and-spoke, with BGP as the routing protocol, so remote firewalls can set up dynamic VPNs and communicate their internal networks.
My question is whether it is possible to configure a Route Policy in this scenario. I tried to configure it, but it only allows me physical interfaces or manually configured tunnels.
Best regards,
Gonzalo
Do you have only one dialup IPsec phase1-interface on the HUB side, terminating all IPsec tunnels from the other FGTs? You probably need to separate the phase1-interface for each peer to set policy routes.
But BGP generally doesn't work well with policy routes because it always decides the best path for one destination prefix, unless you use the tricks described below:
https://www.noction.com/blog/equal-cost-multipath-ecmp
To make policy routes work, you need to have multiple parallel routes in your routing table ("priority" can be different), like two 0/0 routes pointing to two ISPs and a policy route specifying one of them.
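An added illustration of the last point in the reply above (not part of the original thread): two parallel default routes with different priorities, plus a policy route that selects the less-preferred one for a single source subnet. The interface names (`wan1`, `wan2`, `internal`), the subnet and the gateway addresses are constructed placeholders.

```fortios
# Both 0/0 routes keep the same (default) distance, so both are installed
# in the routing table; the lower "priority" value is preferred for
# normal lookups.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan1"
        set priority 5
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan2"
        set priority 10
    next
end

# The policy route sends traffic from one internal subnet out wan2.
# It can only take effect because a route via wan2 is present in the
# routing table for the destination.
config router policy
    edit 1
        set input-device "internal"
        set src "10.0.1.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 203.0.113.1
        set output-device "wan2"
    next
end
```

`get router info routing-table all` should list both default routes before the policy route is expected to match.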