Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
anderp73
New Contributor

Created on ‎04-13-2024 05:15 PM

Tunnel through main building to connected two other to reduce latency.

I have Custom Tunnels from B1 (1.0) to B2(2.0) that is 1ms latency.

I have a custom tunnel from B1 to B3 (3.0) that is 13ms latency.

I have a custom tunnel from B3 to B2 that is a 54ms latency.

 

I want to send the connection from B3 to B2 through B1 to reduce the latency between these two buildings. I need the latency to be under 20ms.

I created a route forB2 2.0 traffic going to 3.0 to use the tunnel through 1.0

I created a route on B3 for 3.0 traffic going to 2.0 to use the tunnel through 1.0

In the firewall policy on B1 Lan traffic from 2.0 going to 3.0 to go through the 3.0 tunnel and reversed cloned.

I also created a policy on B1 Lan traffic from 3.0 going to 2.0 to go through the 2.0 tunnel and reversed cloned as well.

 

On B2 and B3 I created the Policies for any Lan going to B2 or B3 to pass through the B1 tunnel and also reversed cloned these two policies.

It didn’t work. What am I missing here?Network Di.png

Labels:
396
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser

Created on ‎04-13-2024 09:47 PM Edited on ‎04-13-2024 09:47 PM

You mentioned 1) routing, and 2) policies. But you didn't mention about 3) phase2 network selectors. Did you adjust the selectors to allow B2<->B3 traffic to go over the tunnels to/from B1?

Then sniff packets at B1 if those are coming to B1 from B2/B3. You have to disable offloading on the policies with CLI though to see them fully.
"set auto-asic-offload disable"

Toshi

View solution in original post

359
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Created on ‎04-13-2024 09:47 PM Edited on ‎04-13-2024 09:47 PM

You mentioned 1) routing, and 2) policies. But you didn't mention about 3) phase2 network selectors. Did you adjust the selectors to allow B2<->B3 traffic to go over the tunnels to/from B1?

Then sniff packets at B1 if those are coming to B1 from B2/B3. You have to disable offloading on the policies with CLI though to see them fully.
"set auto-asic-offload disable"

Toshi

360
anderp73
New Contributor
In response to Toshi_Esumi

Created on ‎04-17-2024 05:49 AM

Thank you for the reply, I will try this tomorrow, I hope. I did not add the selector. 

289
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.