I have a site-to-site VPN established between remote office A and Corp Headquarters. Currently, all traffic from site A goes through the tunnel to corp, including internet traffic.
What I would like to accomplish is this: any traffic coming in on physical interface 1 goes through the tunnel, and all traffic connected to physical interface 2 goes out the WAN and NOT through the tunnel. The end goal is that anyone on WiFi would not be able to touch the corp network, for security purposes.
Is this possible? I played around with it some but was not able to get it to work.
You have to isolate/identify the traffic from WiFi first before you can redirect the traffic to either interface 1, interface 2, or any tunnels. If it's already destined for interface 1 or interface 2, it's too late to yank it out and redirect it somewhere else; it's already mixed with other "corporate/enterprise" traffic. And more importantly, it wouldn't satisfy a security audit/standard like PCI-DSS. We regularly do it, at least with VLANs, or with VDOMs if the auditor has a stricter standard.
Once you separate it, you can redirect it wherever you want it to go.
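One way to carry out the separation the reply describes on a FortiGate, shown here as an added example that is not from the original post or from Fortinet's documentation: put the WiFi clients on their own VLAN sub-interface, give that VLAN a policy route to the WAN so its traffic bypasses the tunnel's default route, and allow it only to the WAN while explicitly denying (and logging) anything it sends toward the VPN interface. All names and addresses are assumptions for the example: physical port `internal2` carries the access point on VLAN ID 50, the WAN port is `wan1` with next hop 203.0.113.1, the site-to-site IPsec tunnel is an interface-mode tunnel named `to_corp_vpn`, and the WiFi subnet is 192.168.50.0/24.

```fortios
# --- 1. Isolate WiFi on its own VLAN sub-interface (assumed names/addresses) ---
config system interface
    edit "wifi_vlan"
        set vdom "root"
        set interface "internal2"        # assumed physical port facing the access point
        set vlanid 50                    # assumed VLAN ID tagged by the AP
        set ip 192.168.50.1 255.255.255.0
        set allowaccess ping
        set role lan
    next
end

# --- 2. Policy route: anything sourced from the WiFi VLAN leaves via wan1,
#        so it never follows the default route into the tunnel ---
config router policy
    edit 1
        set input-device "wifi_vlan"
        set src "192.168.50.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 203.0.113.1          # assumed ISP next hop on wan1
        set output-device "wan1"
    next
end

# --- 3. Firewall policies: WiFi may reach the Internet only; log any attempt
#        toward the corp tunnel so it shows up in the traffic log ---
config firewall policy
    edit 10
        set name "WiFi-to-Internet"
        set srcintf "wifi_vlan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
    edit 11
        set name "Block-WiFi-to-Corp"
        set srcintf "wifi_vlan"
        set dstintf "to_corp_vpn"        # assumed interface-mode IPsec tunnel name
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The explicit deny in policy 11 is not strictly required, since a FortiGate drops anything no accept policy matches, but it makes the intent visible in the policy table and gives you a logged event each time a WiFi client tries the corp network, which is what an auditor (and your SOC) will want to see. The policy route is what actually keeps WiFi traffic out of the tunnel when the site's default route points at corp; the firewall policies enforce the boundary even if the routing is later changed.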
Copyright 2024 Fortinet, Inc. All Rights Reserved.