New Contributor

VPN Site to Site - access to multiple subnets

Hello everyone, I would like to know your opinion about the following settings. Using the wizard (with a little manual correction) I connected HQ and Branch via a Site-to-Site VPN tunnel. In HQ I've two LANs ( and, In Branch I've one LAN - How to set up this tunnel to allow computers from the Branch LAN to connect to both LANs from the HQ? (clearer explanation in the picture). I did it using additional entries in Phase2 on both FTGs and the necessary entries in the IPv4 policies. It's working well but I don't know if this is the right way (?) Are there other easier (better) solutions? What do you think about it?


p.s. 1.

I'm using FTG 60D, 5.4.0 and 5.2.4 OS


p.s. 2.

sorry for the simple English.


Valued Contributor

Wouldn't you place the policies on the main FortiGate to allow the remote subnet to access the other internal networks? Then just have routes on the remote that say to get to LAN 1 and 2, go to the REMOTE interface?


Hi there, 


Could you please provide some more detailed steps for a novice user? :)


Many thanks!
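
The setup discussed in this thread (one Phase 2 selector per HQ subnet, plus routes and a policy on the branch unit), sketched as FortiOS CLI for the Branch side. This is an added example, not a configuration posted by anyone in the thread or taken from Fortinet; the subnets, the tunnel name "to-HQ", the address object names and the LAN interface "internal" are all placeholders.

```fortios
# Placeholders: HQ LAN1 192.0.2.0/24, HQ LAN2 198.51.100.0/24, Branch LAN 203.0.113.0/24
# The phase1 interface "to-HQ" is assumed to exist already (for example from the wizard).
config vpn ipsec phase2-interface
    edit "to-HQ-lan1"
        set phase1name "to-HQ"
        set src-subnet 203.0.113.0 255.255.255.0
        set dst-subnet 192.0.2.0 255.255.255.0
    next
    edit "to-HQ-lan2"
        set phase1name "to-HQ"
        set src-subnet 203.0.113.0 255.255.255.0
        set dst-subnet 198.51.100.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.0.2.0 255.255.255.0
        set device "to-HQ"
    next
    edit 0
        set dst 198.51.100.0 255.255.255.0
        set device "to-HQ"
    next
end
config firewall address
    edit "branch-lan"
        set subnet 203.0.113.0 255.255.255.0
    next
    edit "hq-lan1"
        set subnet 192.0.2.0 255.255.255.0
    next
    edit "hq-lan2"
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-HQ"
        set srcaddr "branch-lan"
        set dstaddr "hq-lan1" "hq-lan2"
        set action accept
        set schedule "always"
        # "ALL" is a placeholder; list only the services the branch needs
        set service "ALL"
    next
end
```

The HQ unit needs the mirror image: Phase 2 entries with source and destination swapped, a route to the Branch LAN through its tunnel interface, and a policy from the tunnel to each internal LAN interface. The selectors on the two ends have to match for both Phase 2 tunnels to come up.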