Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
icoskun17
New Contributor

VPN Branch to HQ Internet - Specific Interface Only

Hi,

I have 2 FortiGates. I need devices connected to one physical interface on the Branch FortiGate to use internet from the HQ FortiGate. All other traffic on the Branch (other interfaces) can use the local WAN interface for internet.

How do I do this?

Thank You

Ismail

1 REPLY 1
MattyG2787
New Contributor

This should be in another thread, but the simplest (cleanest) way is via SD-WAN rules.

 

Create your first SD-WAN rule to have:

Src - HQ source
Dst - all
Included Members - HQ Link
Services - all

Second rule:

Src - Other IP Ranges
Dst - all
Included Members - Local WAN
Services - all

 

This also potentially allows the local internet to be used in case the HO link drops (by changing the second source to all).
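
The two rules described in the reply above, sketched as FortiOS CLI for the Branch unit. This is an added example, not part of the original post or Fortinet's own configuration; the interface names (wan1, HQ_VPN), member numbers, address object names and subnets are all assumptions, and it assumes an IPsec tunnel interface to HQ already exists.

```fortios
# Added example. Every name, number and subnet below is an assumption.
# Address objects: the subnet behind the one Branch interface that must
# use HQ internet, and the remaining Branch ranges.
config firewall address
    edit "Branch_Port3_Net"
        set subnet 10.20.30.0 255.255.255.0
    next
    edit "Branch_Other_Nets"
        set subnet 10.20.0.0 255.255.240.0
    next
end
config system sdwan
    set status enable
    config members
        # Member 1: local Branch WAN
        edit 1
            set interface "wan1"
        next
        # Member 2: IPsec tunnel interface towards HQ
        edit 2
            set interface "HQ_VPN"
        next
    end
    config service
        # Rule 1: traffic from the selected interface's subnet leaves via the HQ tunnel.
        # No protocol or port is set, so the rule is not limited to a service.
        edit 1
            set name "Port3-via-HQ"
            set src "Branch_Port3_Net"
            set dst "all"
            set priority-members 2
        next
        # Rule 2: the other Branch ranges break out locally.
        # The reply's fallback variant is to set src to "all" here.
        edit 2
            set name "Others-via-local-WAN"
            set src "Branch_Other_Nets"
            set dst "all"
            set priority-members 1
        next
    end
end
```

SD-WAN rules only pick the egress member: the Branch still needs a firewall policy permitting Branch_Port3_Net into the tunnel, the tunnel's phase 2 selectors must cover a destination of 0.0.0.0/0, and HQ needs a policy with NAT from the tunnel to its WAN. With the fallback variant, traffic that normally passes HQ inspection exits through the Branch WAN while the tunnel is down, so the Branch WAN policy should apply the same security profiles.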

 
