Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JustinLJohnson
New Contributor

Route all traffic through tunnel?

I have my branch offices connected to my main site through IPSEC VPN. I can get the tunnels to come up and pass internal traffic but would like to have all traffic (internet surfing) to route back through my main branch as well. I tried following the config guide to make this happen but can't seem to get it to work. Any ideas?
3 REPLIES
rwpatterson
Valued Contributor III

Welcome to the forums. The easiest way I know would be in 3 steps.
1) Create a policy allowing all traffic down the tunnel (and a matching one on the far end)
2) Create a policy route switching all source traffic from that subnet down the tunnel.
3) Create a static route (a second default route) with the same distance and priority as your first, but pointing down the tunnel.
This will only work if the tunnel has been created in interface mode on both ends. This way you have an interface on which to add an IP address for routing. Hope that helps. (By the way, I'm doing exactly that now, and it works like a charm. When the tunnel is down, traffic still routes to the Internet via the other local policy(s). When the tunnel comes up, all traffic switches over to the tunnel.)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ede_pfau
SuperUser

IMHO you don't need the policy route. On the contrary, the policy route will obsolete the second default route. If you just use the second default route with slightly lesser priority (translate: "cost") then traffic to the internet will prefer the tunnel. If the tunnel goes down, the second default route will be deleted (check Gateway Detection) and the first default route is used instead.
Ede Kernel panic: Aiee, killing interrupt handler!
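Added example (not from either poster, and not a Fortinet-supplied config): FortiOS CLI for rwpatterson's three steps above, with ede_pfau's priority-only variant shown as an alternative to the policy route. All names and addresses are assumptions: branch LAN interface "internal" on 192.168.10.0/24, branch WAN "wan1" with gateway 203.0.113.1, an interface-mode (route-based) tunnel named "hq-vpn" on the branch and "branch-vpn" on the main site, and main-site WAN "wan1".

```text
# Added example, not from the thread. Assumed names: branch LAN "internal"
# 192.168.10.0/24, branch WAN "wan1" via 203.0.113.1, interface-mode tunnel
# "hq-vpn" (branch side) / "branch-vpn" (main-site side), main-site WAN "wan1".

### Branch FortiGate ###

# Prerequisite for interface-mode tunnels: the phase 2 selectors must cover
# Internet destinations, otherwise only branch-to-HQ traffic matches the SA.
config vpn ipsec phase2-interface
    edit "hq-vpn-p2"
        set phase1name "hq-vpn"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Step 1: policy allowing all LAN traffic down the tunnel.
config firewall policy
    edit 0
        set name "lan-to-hq-tunnel"
        set srcintf "internal"
        set dstintf "hq-vpn"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Step 2: policy route sending everything sourced from the LAN into the tunnel.
# (Omit this block entirely if you follow ede_pfau's variant below.)
config router policy
    edit 0
        set input-device "internal"
        set src "192.168.10.0/255.255.255.0"
        set output-device "hq-vpn"
    next
end

# Step 3: a second default route via the tunnel interface, same distance and
# priority as the existing WAN default route (FortiOS defaults shown).
# The tunnel route is only installed while the hq-vpn interface is up, so
# when the tunnel drops, wan1 carries the traffic again.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
        set priority 0
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device "hq-vpn"
        set distance 10
        set priority 0
    next
end
# ede_pfau's variant: keep Steps 1 and 3, drop Step 2, and make the tunnel
# route preferred by priority (lower value wins), e.g. priority 0 on route 2
# and "set priority 10" on route 1. With the tunnel up, Internet traffic
# prefers hq-vpn; with it down, only the wan1 default route remains.

### Main-site FortiGate ###

# Matching policy on the far end (rwpatterson's Step 1), plus NAT so the
# branch's Internet-bound traffic can leave via the main site's WAN.
config firewall policy
    edit 0
        set name "branch-tunnel-to-internet"
        set srcintf "branch-vpn"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After applying this on the branch unit, `get router info routing-table all` should list both 0.0.0.0/0 routes while the tunnel is up and only the wan1 route once it is down; that is the quickest way to confirm which of the two approaches is actually steering traffic.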
rwpatterson
Valued Contributor III

Tried that when I first set this thing up. Failed miserably (or well, depending on your perspective). This is what I'm doing right now, so I can say it works.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
