I have successfully configured a site-to-site VPN connection between 2 Fortigates.
The two subnets of the locations can also reach each other with static routes.
However, if I create a policy-based route instead of a static route, no data is transferred.
Unfortunately I didn't find a suitable article about FortiOS 7.2.
This article cannot be implemented this way under 7.2: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-policy-routes-for-route-based-in...
Can someone give me a tip here?
Can you please give us an idea of what you are trying to accomplish with the policy route?
I only want to route traffic into the VPN that comes from specific sender IP addresses.
With static routes I can't restrict the source IP address. Of course I can also make the restriction via the firewall policy, but I would like to restrict it directly in the routing.
What is the error you are getting with 7.2, are you not able to configure the interfaces or policy routes?
I can configure the policy, but it is not applied.
As far as I found out, based on the KB, the interface and gateway must always be configured for a policy-based route.
This is not possible with a VPN interface.
When I check the routing monitor, I see that the default routing rule 0.0.0.0 is matched, which of course does not lead to success.
Did you follow the instructions in the KB that state "The solution is to configure an 'IP' and 'Remote IP' on the virtual tunnel interface, and use the 'Remote IP' as the gateway IP address in the policy routes."?
See my first post... I know this KB, but it is not suitable for 7.2.
Why is it not suitable for 7.2? I have configured a policy route pointing to VPN on my FGT 7.2 no problem.
Created on 04-27-2023 11:44 PM Edited on 04-27-2023 11:48 PM
Under Network -> Interfaces, I don't see any VPN interface of the Tunnel Interface type.
The only tunnel type interface is the "NAT interface (naf.root)"
Edit:
OK guys, I'm really too blind... Next to the WAN interface is a "plus" sign, and below that is the VPN interface....
I'll try that right now... Thank you very much.
works like a charm....
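For reference, here is the configuration the KB approach in this thread amounts to on FortiOS 7.2, written out as an added example rather than taken from any post above. Interface names, address objects and the 10.255.0.x tunnel addresses are placeholders I chose; the point is that the tunnel interface gets an IP and Remote IP, the policy route matches only the permitted sources and uses that Remote IP as its gateway, and a firewall policy is still needed on top of the route.

```fortios
# Site A FortiGate, FortiOS 7.2 CLI. Constructed example; all names and
# addresses are placeholders, not values from this thread.

# 1. Give the route-based IPsec tunnel interface a local IP and a remote IP
#    so it can be used as a policy-route gateway (the KB's recommendation).
config system interface
    edit "to-site-b"            # name of the phase1-interface tunnel
        set ip 10.255.0.1 255.255.255.255
        set remote-ip 10.255.0.2 255.255.255.255
    next
end

# 2. Address objects: the only senders allowed into the VPN, and the remote LAN.
config firewall address
    edit "allowed-senders"
        set subnet 192.168.1.0 255.255.255.240
    next
    edit "site-b-lan"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# 3. Policy route: matched before the routing table, so permitted sources
#    go into the tunnel instead of hitting the 0.0.0.0/0 default route.
#    Traffic from other sources does not match and falls through.
config router policy
    edit 1
        set input-device "internal"
        set srcaddr "allowed-senders"
        set dstaddr "site-b-lan"
        set gateway 10.255.0.2      # the tunnel's Remote IP
        set output-device "to-site-b"
    next
end

# 4. Routing alone never permits traffic; a matching firewall policy
#    restricted to the same sources is still required.
config firewall policy
    edit 10
        set name "lan-to-site-b"
        set srcintf "internal"
        set dstintf "to-site-b"
        set srcaddr "allowed-senders"
        set dstaddr "site-b-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

After applying it, the Routing Monitor (Policy tab) should show hits on policy route 1 for the permitted sources only, while other hosts continue to match the default route.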