Route all traffic through tunnel?
I have my branch offices connected to my main site through IPSEC VPN. I can get the tunnels to come up and pass internal traffic but would like to have all traffic (internet surfing) to route back through my main branch as well. I tried following the config guide to make this happen but can't seem to get it to work. Any ideas?
Welcome to the forums.
The easiest way I know would be in 3 steps.
1) Create a policy allowing all traffic down the tunnel (and a matching one on the far end)
2) Create a policy route switching all source traffic from that subnet down the tunnel.
3) Create a static route (a second default route) with the same distance and priority as your first, but pointing down the tunnel.
This will only work if the tunnel has been created in interface mode on both ends. This way you have an interface on which to add an IP address for routing.
Hope that helps.
(By the way, I'm doing exactly that now, and it works like a charm. When the tunnel is down, traffic still routes to the Internet via the other local policy(s). When the tunnel comes up, all traffic switches over to the tunnel.)
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
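A branch-side FortiOS CLI rendering of the three steps above, added here as an example and not the poster's own configuration; the interface names "internal", "wan1" and "to-hq" (a phase1 built in interface mode), the LAN subnet 10.10.10.0/24 and the uplink gateway 203.0.113.1 are assumed values.

```fortios
# Assumed names: "internal" = LAN port, "wan1" = local uplink,
# "to-hq" = IPsec phase1 created in interface mode, LAN = 10.10.10.0/24.
config firewall address
    edit "branch-lan"
        set subnet 10.10.10.0 255.255.255.0
    next
end
# Step 1: allow everything from the LAN into the tunnel. The HQ end needs
# the mirror policy plus an outbound policy from this subnet to its WAN
# with NAT, otherwise surfing traffic dies at HQ.
config firewall policy
    edit 0
        set name "lan-to-hq-all"
        set srcintf "internal"
        set dstintf "to-hq"
        set srcaddr "branch-lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Step 2: policy route steering all LAN-sourced traffic into the tunnel.
# A policy route is consulted before the routing table, so it wins over
# any default route while the tunnel interface is up.
config router policy
    edit 1
        set input-device "internal"
        set src 10.10.10.0/255.255.255.0
        set output-device "to-hq"
    next
end
# Step 3: a second default route out the tunnel interface, same distance
# and priority as the existing one. The tunnel route leaves the routing
# table when "to-hq" goes down, so traffic falls back to wan1.
# (The variant suggested further down the thread drops Step 2 and instead
# gives the tunnel route a better, i.e. lower, priority value.)
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
        set priority 10
    next
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set device "to-hq"
        set distance 10
        set priority 10
    next
end
```

Check the result with `get router info routing-table all` on the branch unit while the tunnel is up and again after bringing it down.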
IMHO you don't need the policy route. On the contrary, the policy route will obsolete the second default route.
If you just use the second default route with slightly lesser priority (translate: "cost") then traffic to the internet will prefer the tunnel. If the tunnel goes down, the second default route will be deleted (check Gateway Detection) and the first default route is used instead.
Ede Kernel panic: Aiee, killing interrupt handler!
Tried that when I first set this thing up. Failed miserably (or well, depending on your perspective). This is what I'm doing right now, so I can say it works.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
