Dear all,
I have 2 60D firewalls, 1 in HQ and 1 in Branch.
My boss requests that all traffic from Branch go through HQ.
I created an IPsec VPN tunnel between the 2 offices but cannot route all traffic from Branch through HQ.
Can you help me?
PS: I tried with another device, a Draytek 2925, in Branch and it can route all traffic to the FG 60D but cannot go out to the internet.
Traffic shown on the FG 60D at HQ (172.16.0.1 is the Draytek).
The policy has NAT enabled.
But the Draytek still cannot go out to the internet.
Just set a /32 static route for the public IP of the other side of the tunnel toward wan1, then a static default route into the tunnel (tunnel interface name) to solve the routing issue.
Then you need to have a set of policies from the inside interface to the tunnel and from the tunnel to the inside interface without NAT. This part is always needed regardless of whether internet traffic needs to go through the tunnel.
I'm assuming the tunnel itself is up with a proper set of phase2 selectors, or default 0/0<->0/0.
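The branch-side routing and policies described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original thread: the tunnel interface name "to-HQ", the inside interface "internal", and all addresses (documentation ranges) are placeholders to replace with your own values.

```fortios
# Branch FortiGate. Constructed example: names and addresses are placeholders.
# Route 1: host route to the HQ peer's public IP via wan1, so IKE/ESP packets
#          stay on the WAN and are not sent into the tunnel they carry.
# Route 2: default route into the tunnel interface (dst defaults to 0.0.0.0/0).
# Any existing default route via wan1 has to be removed or given a higher
# distance, otherwise it competes with route 2.
config router static
    edit 1
        set dst 198.51.100.10 255.255.255.255
        set gateway 203.0.113.1
        set device "wan1"
    next
    edit 2
        set device "to-HQ"
    next
end

# Policies in both directions between the inside interface and the tunnel,
# with NAT disabled on each.
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "to-HQ"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 2
        set srcintf "to-HQ"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

After applying it, `get router info routing-table all` should list both the /32 via wan1 and the default route via the tunnel interface.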
I tried, but it did not work. On Monday I will take back 1 FortiGate in the office and test again.
Are you sure that 222.255.x.x/32 is the IP of the other end, while the GW seems to be in the same subnet 222.255.x.x? If both sides are served by the same ISP, it's possible though.
Check the routing "monitor" to make sure the routing table is as you expect. Then you need to start using the CLI to sniff traffic (diag sniffer packet), debug IKE (diag debug app ike), and debug the flow (diag debug flow). You can find the syntax for those debug commands on the internet or in this forum.