Hi,
I have successfully set up a site-to-site VPN between an FG60D and a Mikrotik router. The tunnel is up and running and is set up using a policy-based VPN.
Now I would like to block traffic coming from Mikrotik -> FG. Is there any way of doing it with a policy-based VPN? I have even set up a block rule which blocks traffic from MT -> FG, but it doesn't seem to work. Looking at the logs, it looks like the packets which come from MT hit the IPsec rule and get routed. I even tried to move the block rule above the IPsec rule, but still had no luck.
I read the following in one of the manuals: "The source address that you choose for the security policy identifies from where outbound cleartext IP packets may originate, and also defines the local IP address or addresses that a remote server or client will be allowed to access through the VPN tunnel."
Can anyone help me with this?
Thanks
In your policy, do you have a checkbox that's labeled "Allow traffic to be initiated from the remote site"?
In case you do, uncheck this, and then you'll need one policy for each direction.
Another way is to create a route-based VPN. Then you'll need one policy for each direction.
I think the default way is a route-based VPN.
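As an added example (not part of Nilsan's reply or the original thread), this is how the two suggestions above look in the FortiOS CLI on a FortiGate: the remote-initiation checkbox corresponds to the `inbound` setting of an `action ipsec` policy, and with a route-based VPN the tunnel becomes an interface, so an ordinary deny policy from that interface drops traffic the Mikrotik side initiates. The tunnel name `to_mikrotik`, the interface names, the address objects `local_lan`/`remote_lan`, the subnets, the peer address and the PSK are all assumed placeholders.

```fortios
# Option 1: policy-based VPN, one policy per direction.
# "Allow traffic to be initiated from the remote site" is the inbound
# setting of an ipsec-action policy; this policy is outbound-only.
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "local_lan"
        set dstaddr "remote_lan"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set vpntunnel "to_mikrotik"
        set outbound enable
        set inbound disable
    next
end

# Option 2: route-based VPN (assumed names and addresses).
# Phase 1/2 are interface-mode, a static route points the remote
# subnet into the tunnel, and the policies are per direction.
config vpn ipsec phase1-interface
    edit "to_mikrotik"
        set interface "wan1"
        set remote-gw 203.0.113.2
        set psksecret <placeholder-psk>
    next
end
config vpn ipsec phase2-interface
    edit "to_mikrotik_p2"
        set phase1name "to_mikrotik"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.2.0 255.255.255.0
        set device "to_mikrotik"
    next
end
config firewall policy
    edit 11
        set srcintf "internal"
        set dstintf "to_mikrotik"
        set srcaddr "local_lan"
        set dstaddr "remote_lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 12
        # Explicit deny for Mikrotik-initiated traffic, logged so the
        # drops are visible in the forward traffic log.
        set srcintf "to_mikrotik"
        set dstintf "internal"
        set srcaddr "remote_lan"
        set dstaddr "local_lan"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

With the route-based form, traffic arriving on the tunnel interface is dropped by the implicit deny even without policy 12; the explicit deny is there so the drops are logged and so it is obvious to anyone reading the policy table that the direction is intentionally closed.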
Thanks for your reply, Nilsan.
I don't think it allows you to deselect the "Allow traffic to be initiated from the remote site" option. I think the only way is to use a route-based VPN then.
It would be better if I could drop the traffic from the forward chain, the same way I did on the MT router on the other end.