Hello All,
I have a site-to-site VPN. When the VPN is not connected and we try to open a browser to reach a site in the branch office we get a time-out, and when the VPN is rebuilt and we try again, we still get a time-out. When debugging this on the FortiGate we see that it is looking for an already created session and reuses that session again, but this session goes out over the WAN and not the VPN. We need to clear the session so it takes the right path.
The priority for the WAN is 10 and the VPN is 5. Running a FortiGate 51E with firmware 5.4.1.
Is there a way to force the connection use the VPN route and not the WAN?
And if it uses the WAN connection and the VPN is reconnected then force the VPN path?
Thanks in advance.
Hi,
You can configure a policy route; please refer to the KB article below.
Regards,
Somu
No, "policy route" totally misses the point here.
You need to prevent the FGT from creating a session for traffic which is aimed at a VPN tunnel in the first place. The key here is "blackhole routing".
This has been discussed quite a few times in the forums. Please see https://forum.fortinet.com/tm.aspx?m=132141 for an explanation and the remedy.
Hi,
You should configure blackhole routes for your subnets on the other side of your VPN tunnel.
The blackhole routes will stop the creation of sessions, and no routes will be cached.
This KB will help you:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36695
Best Regards
bommi
NSE 4/5/7
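To make the blackhole-route advice in the two replies above concrete, here is a FortiOS CLI fragment. It is an added example, not taken from the linked KB article or from any poster's configuration. It assumes the branch-office LAN is 192.168.20.0/24, the IPsec phase1 interface is named "VPN-Branch", and the default route leaves via "wan1"; those names and prefixes are placeholders, as is the distance value of 254 for the blackhole (any value worse than the tunnel route's distance works).

```fortios
# Added example (not from the thread). Assumed values: remote branch LAN
# 192.168.20.0/24, IPsec phase1 interface "VPN-Branch", WAN interface "wan1".

# 1. Route for the branch LAN over the tunnel. FortiOS only keeps this route
#    in the routing table while the tunnel interface is up.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "VPN-Branch"
        set distance 10
    next
end

# 2. Blackhole route for the same prefix with a worse (higher) distance.
#    While the tunnel is up, the tunnel route wins. When the tunnel drops,
#    this route becomes the best match for 192.168.20.0/24, so the packets are
#    discarded instead of matching the 0.0.0.0/0 route out of wan1 and leaving
#    a session cached on the WAN path. When the tunnel comes back, its route
#    (distance 10) is preferred again and new sessions take the VPN.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set blackhole enable
        set distance 254
    next
end

# 3. Verify which route is active. With the tunnel down the branch prefix
#    should point at Null (the blackhole); with it up, at VPN-Branch.
get router info routing-table all

# 4. One-off cleanup of sessions that were already created on the WAN path,
#    limited to traffic toward the branch LAN, so they are rebuilt via the tunnel.
diagnose sys session filter clear
diagnose sys session filter dst 192.168.20.0-192.168.20.255
diagnose sys session clear
```

The blackhole route is what prevents the problem from recurring; the session filter and clear in step 4 only remove the stale WAN sessions that already exist, and they drop any live connections to that subnet, so run them once, not as a standing fix. A firewall policy from the LAN to the tunnel interface is still required for the traffic to pass once the tunnel route is active.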
Thank you.
I created the policy route. I will test. If this is not the result we are looking for, I will have a look at the blackhole option.
Copyright 2024 Fortinet, Inc. All Rights Reserved.