Hello, I have 2 branches that have 3 links each (this due to the instability of the ISPs). In both branches I have the same 3 ISPs. 2 of these ISPs do not offer a public IP, but rather an IP from their LAN (CGNAT), I want to connect these branches via VPN through these ISPs, I talked to the carriers and there is no way they forward a port to my branches. I read in a similar question that this can be solved using a hub-to-spoke VPN, placing the hub in some cloud or site with a fixed IP and making my 2 branches spokes. is there a tutorial on how to do this?
the services i want to comunicate are:
voice, BD´s, and web internal servers
Hi @Igneus,
Hub and spoke is referred as ADVPN. You can refer to https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/820072/advpn-with-bgp-as-the...
There should be a way to do port forwarding on the ISP side to forward traffic to FortiGate IP address. Even a home based ISP modem is able to do that.
Regards,
Hi @hbac
Thanks for the answer, the problem with the ISP is that the nat is on my modem and in the router of my carrier something like forti WAN GW is: 192.168.100.1 the modem of my isp GW is 169.100.201.x dinamically assigned. and if i ussed whats my public ip theres another ip. CGNAT
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.