Hello, I am looking for a solution to the problem, I have 2 fortigates connected via an Ipsec tunnel, I would like the second fortigate to have the same network as the first one but without nating.
the first fortigate on which I have the entire network is fortigate 100f, I would like to have several vlans from this fortigate on the second fortigate 60 which is in the second location and they are connected by ipsec
is this possible to do?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Alkal
Didn't try it before but VxLAN over IPsec could be your solution.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/821119/vxlan-over-ipsec-tunnel
Hope it helps.
I don't understand how it would work I would have to see it on some example
fortigate are in two separate branches, xvlna unfortunately not possible on fortigate 100f I don't have the possibility to change the current port configuration I was thinking more about transparent mode
I don't see how you can resolve it with transparent mode.
Furthermore if my memory is good there is no VPN in transparent mode.
If VxLAN is not available in 100F then I think your last option is to use DNAT on both sides.
in transparent mode on os 7.2.9 you can set up IPsec but there is no phase1-interface and phase2-interface, there is only phase1 and phase2
my problem with XVlan is that I can't make a virtual switch on the fortigate 100 side where I have an aggregation and all vlans on this aggregation, these vlans already have other references that I can't remove
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/821119/vxlan-over-ipsec-tunnel
In that case does the interface migration wizard help?
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/885870/interface-migration-wizard
I can't migrate it because the aggregation where these vlans are is connected to the core switch and they are used in the network in the first location
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.