Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Route all traffic through VPN
I have 2 offices. Main office has a Fortigate100A, Remote office has Fortigate60.
I have my Websense URL filtering server located in my main office and would like to route all traffic in that remote office to go through my main office. Like a WAN.
If all traffic is not possible to route to the main office, would anyone have any idea how to route HTTP traffic to go to my Websense server. I tried putting a rule in the remote office firewall to route HTTP, but that didn' t seem to work.
I do not use the URL Content filtering on either firewall since I use Websense.
Any help??
pmosca@trinitystairs.com
Pablo
Pablo
6 REPLIES 6
Not applicable
Created on 07-20-2006 04:21 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could setup a proxy or a dns server that points all webtraffic throuh the tunnel.
or if there aren' t a lot of computers you could just setup a static route in each of the computers
-DCG
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m not sure how I' d do the DNS setting nor the route on each PC.
Can you explain?
Pablo
Pablo
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pablo,
Indeed the points are:
1/ When you stand on the remote FG60, you set a vpn policy to redirect ANY traffic (i.e. 0.0.0.0/0.0.0.0, ANY services) to your HQ office (FG100A).
2/ When you stand back to your HQ (FG100A), set a vpn policy to build up vpn tunnel with remote office as normal like 10.0.0.0/24
3/ On your 100A, set an ADDITIONAL wan1 to wan1 policy, to allow the subnet of remote office to access (eg. 10.0.0.0/24) to access the Internet (0.0.0.0/0.0.0.0)
Please try and report~ Thx~
Protect yourself~ http://www.secunia.com
MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not sure whether it could help... but it' s no harm to try...
Firstly, it' s assumed that you have build up a vpn tunnel between these two offices, beside the standard ipsec vpn setting, some points to note:
Setting on remote site' s FG
- make sure the destination address in the vpn policy rule is set as ' 0.0.0.0/0.0.0.0'
Setting on your local FG
- set a fw policy to allow the remote office subnet to access the Internet
Please share your result if tested~ Or maybe something I have missed...
Protect yourself~ http://www.secunia.com
MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
oops, yes I do have a IPSPEC VPN between the 2 offices.
I have the first setting you mentioned already on. But I am not sure what you mean on the second setting. They currently access the internet through their gateway, but I want to route it to through the VPN and to my Websense server.
Pablo
Pablo
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Pablo,
You success to completed your tasks? I want to hear your good news and share your experience.