Hi,
I had to build an extended network for disaster recovery (VMs are replicated to another ESXi host).
I can make it work, but if I assign an IP to my FortiGate, I can browse the Internet but not all websites... I get timeouts with certificate errors.
Is VXLAN designed for these purposes?
Has anyone implemented something similar?
Thanks!
Hello,
Yes, you can use the associated software switch as a gateway and go to the Internet. However, you need to keep in mind that with VXLAN the MTU is decreased, and this is often a problem, especially with TCP and TLS applications. So on the firewall policy from the software switch to your external interface, you can decrease the TCP MSS values to lower values (you can try several, like 1400, 1350, etc.) and retest:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
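The arithmetic behind the MSS values suggested above, as an added example that is not part of the original thread or of any Fortinet tool. It assumes an Ethernet underlay with a 1500-byte IP MTU and no jumbo frames; header sizes are the standard VXLAN, IPv4/IPv6, UDP and TCP values, and the policy ID in the generated CLI fragment is a placeholder.

```python
# Added example (not from the original thread): derive the TCP MSS to clamp on a
# FortiGate policy for traffic that crosses a VXLAN tunnel, and explain why a
# host's default MSS of 1460 breaks TLS handshakes but leaves small pages working.
# Assumes an Ethernet underlay with a 1500-byte IP MTU; pass a different value if
# your underlay differs.

IPV4_HDR = 20      # IPv4 header without options (outer or inner)
IPV6_HDR = 40      # IPv6 header (outer or inner)
UDP_HDR = 8        # outer UDP header carrying VXLAN (destination port 4789)
VXLAN_HDR = 8      # VXLAN header: flags + VNI
ETHERNET_HDR = 14  # inner Ethernet header carried inside the VXLAN payload
TCP_HDR = 20       # TCP header without options


def vxlan_overhead(outer_ipv6: bool = False) -> int:
    """Bytes VXLAN adds between the underlay IP MTU and the inner IP packet:
    outer IP + UDP + VXLAN + the inner Ethernet header (50 for an IPv4 underlay,
    70 for IPv6). The outer Ethernet header sits outside the IP MTU, so it is
    not counted here."""
    outer_ip = IPV6_HDR if outer_ipv6 else IPV4_HDR
    return outer_ip + UDP_HDR + VXLAN_HDR + ETHERNET_HDR


def inner_mtu(underlay_mtu: int = 1500, outer_ipv6: bool = False) -> int:
    """Largest inner IP packet that crosses the tunnel without fragmentation."""
    return underlay_mtu - vxlan_overhead(outer_ipv6)


def max_mss(underlay_mtu: int = 1500, outer_ipv6: bool = False,
            inner_ipv6: bool = False) -> int:
    """Largest TCP payload per segment that fits: inner MTU minus the inner IP
    and TCP headers (1410 for IPv4 in IPv4 on a 1500-byte underlay)."""
    inner_ip = IPV6_HDR if inner_ipv6 else IPV4_HDR
    return inner_mtu(underlay_mtu, outer_ipv6) - inner_ip - TCP_HDR


def segment_fits(mss: int, underlay_mtu: int = 1500, outer_ipv6: bool = False,
                 inner_ipv6: bool = False) -> bool:
    """True if a full-size segment built from this MSS survives encapsulation.
    A host on a 1500-byte LAN advertises MSS 1460; its full segments become
    1460 + 40 + 50 = 1550 bytes on the underlay and are dropped (DF is set).
    A short response such as an HTTP redirect still arrives, but a TLS
    certificate chain of a few kilobytes is sent in full-size segments and never
    completes, which is the timeout-with-certificate-error symptom."""
    return mss <= max_mss(underlay_mtu, outer_ipv6, inner_ipv6)


def recommended_clamp(underlay_mtu: int = 1500, outer_ipv6: bool = False,
                      inner_ipv6: bool = False, margin: int = 0) -> int:
    """MSS to configure, optionally leaving headroom for TCP options or a second
    encapsulation (for example IPsec) on the same path."""
    return max_mss(underlay_mtu, outer_ipv6, inner_ipv6) - margin


def fortios_policy_clamp(policy_id: int, mss: int) -> str:
    """FortiOS CLI fragment that clamps the MSS in both directions on one policy.
    tcp-mss-sender / tcp-mss-receiver are the FortiOS policy options; the policy
    ID is a placeholder for the software-switch-to-WAN policy."""
    return "\n".join([
        "config firewall policy",
        f"    edit {policy_id}",
        f"        set tcp-mss-sender {mss}",
        f"        set tcp-mss-receiver {mss}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    print("VXLAN overhead on IPv4 underlay:", vxlan_overhead())
    print("inner MTU:", inner_mtu())
    print("max MSS (IPv4 in IPv4):", max_mss())
    print("max MSS (IPv6 inner):", max_mss(inner_ipv6=True))
    print("default MSS 1460 fits?", segment_fits(1460))
    print("clamped MSS 1400 fits?", segment_fits(1400))
    print(fortios_policy_clamp(1, recommended_clamp(margin=10)))
```

The exact maximum is 1410 for IPv4 over an IPv4 underlay, so 1400 works and 1350 leaves extra room if another encapsulation is stacked on the path; clamp both `tcp-mss-sender` and `tcp-mss-receiver`, since the server side also needs to stop sending 1460-byte segments.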