I would like to know your opinion about the following settings.
Using the wizard (with a little manual correction), I connected HQ and Branch via a Site-to-Site VPN tunnel.
In HQ I have two LANs (192.168.1.0 and 192.168.2.0).
In Branch I have one LAN - 192.168.0.1.
How do I set up this tunnel to allow computers on the Branch LAN to connect to both LANs at HQ? (A clearer explanation is in the picture.)
I did it using additional entries in Phase2 on both FTGs and the necessary entries in the IPv4 policies. It's working well, but I don't know if this is the right way.
Are there other, easier (better) solutions?
What do you think about it?
Wouldn't you place the policies on the main FortiGate to allow the remote subnet to access the other internal networks? Then just have routes on the remote that say: to get to LAN 1 and 2, go to the REMOTE interface?
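For reference, the Branch-side pieces discussed in this thread (per-LAN Phase2 selectors, routes into the tunnel, and a policy scoped to the two HQ LANs) written out as FortiOS CLI. This is an added example, not configuration posted by either participant; the tunnel name `to-HQ`, the interface `lan`, the address object names and the /24 masks (including reading the Branch LAN as 192.168.0.0/24) are assumptions.

```fortios
# Added example: Branch-side FortiGate. Names (to-HQ, lan, Branch-LAN,
# HQ-LAN1, HQ-LAN2) and the /24 masks are assumptions, not from the thread.
config firewall address
    edit "Branch-LAN"
        set subnet 192.168.0.0 255.255.255.0
    next
    edit "HQ-LAN1"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "HQ-LAN2"
        set subnet 192.168.2.0 255.255.255.0
    next
end
# One Phase2 selector pair per HQ LAN; HQ needs the mirror image of each.
config vpn ipsec phase2-interface
    edit "to-HQ-lan1"
        set phase1name "to-HQ"
        set src-subnet 192.168.0.0 255.255.255.0
        set dst-subnet 192.168.1.0 255.255.255.0
    next
    edit "to-HQ-lan2"
        set phase1name "to-HQ"
        set src-subnet 192.168.0.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end
# Routes that send both HQ LANs into the tunnel interface.
config router static
    edit 0
        set dst 192.168.1.0 255.255.255.0
        set device "to-HQ"
    next
    edit 0
        set dst 192.168.2.0 255.255.255.0
        set device "to-HQ"
    next
end
# Policy limited to the named subnets rather than "all".
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "to-HQ"
        set srcaddr "Branch-LAN"
        set dstaddr "HQ-LAN1" "HQ-LAN2"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The HQ unit carries the same objects with source and destination swapped; a selector pair that is not mirrored exactly on the peer will fail Phase2 negotiation for that subnet.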