Route all traffic on physical port x over IPSEC Tunnel and port 2 straight out WAN
I have a site-to-site VPN established between remote office A and Corp Headquarters. Currently, all traffic from site A goes through the tunnel to corp, including internet traffic.
What I would like to accomplish is this: Any traffic going through physical interface 1 goes through the tunnel and all traffic connected to physical interface 2 goes out the WAN and NOT through the tunnel. The end goal of this is that anyone on WIFI would not be able to touch the corp network for security purposes.
Is this possible? I played around with it some but was not able to get it to work.
You have to isolate/identify the traffic from WiFi first before you can redirect the traffic to either interface 1, interface 2 or any tunnels. If it's already destined to interface 1 or interface 2, it's too late to yank it out and redirect it somewhere else. It's already mixed with other "corporate/enterprise" traffic. And more importantly, it wouldn't satisfy a security audit/standard like PCI-DSS. We regularly do it at least with VLANs, or VDOMs if the auditor has a stricter standard.
Once you separate it, you can redirect it wherever you want it to go.
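The following FortiOS CLI fragment is an added example of the VLAN approach described in this answer; it is not the answerer's configuration and not taken from Fortinet documentation. It assumes a single VDOM, a wired LAN on "internal1" (192.168.10.0/24) that should keep using the existing IPsec tunnel interface "to-corp", a WiFi VLAN tagged 20 on "internal2" (192.168.20.0/24), the WAN interface "wan1" with next hop 203.0.113.1, and a corp network of 10.0.0.0/8. All of these names, VLAN IDs and addresses are assumptions; substitute your own.

```fortios
# 1. Put WiFi on its own VLAN interface so its traffic is identifiable
#    before any routing or policy decision is made.
config system interface
    edit "wifi-vlan"
        set vdom "root"
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping
        set interface "internal2"
        set vlanid 20
        set description "Guest/WiFi, must never reach corp"
    next
end

# 2. Address objects used by the policies below.
config firewall address
    edit "wifi-net"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "lan-net"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "corp-net"
        set subnet 10.0.0.0 255.0.0.0
    next
end

# 3. Policy route: anything sourced from the WiFi VLAN leaves via wan1,
#    even if the unit's default route currently points into the tunnel.
config router policy
    edit 1
        set input-device "wifi-vlan"
        set src "192.168.20.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 203.0.113.1
        set output-device "wan1"
        set comments "WiFi to Internet only, bypass IPsec"
    next
end

# 4. Firewall policies. Wired LAN keeps its path to corp over the tunnel;
#    WiFi gets NAT to the Internet and an explicit, logged deny toward corp.
config firewall policy
    edit 0
        set name "lan-to-corp"
        set srcintf "internal1"
        set dstintf "to-corp"
        set srcaddr "lan-net"
        set dstaddr "corp-net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "wifi-deny-corp"
        set srcintf "wifi-vlan"
        set dstintf "to-corp"
        set srcaddr "wifi-net"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "wifi-to-internet"
        set srcintf "wifi-vlan"
        set dstintf "wan1"
        set srcaddr "wifi-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Two checks worth doing after applying something like this: confirm no existing policy uses srcintf "any" or srcaddr "all" toward "to-corp" (that would re-admit the WiFi subnet), and confirm the IPsec phase 2 selectors on both ends do not include 192.168.20.0/24, so the tunnel itself never carries WiFi traffic. The explicit deny is not strictly required because FortiOS drops unmatched traffic by default, but it gives the auditor a visible, logged control rather than relying on the implicit deny.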