Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

static route over ipsec tunnel for exchange dag group - same subnet mask

few months back at our main site we setup two exchange 2013 servers each with static IP range.

for the DAG traffic it was recommended we use different range, so we gave the 2nd NIC on each exchange server an IP in the range of for the DAG traffic only.


so now we are looking at adding a 3rd exchange server at a remote site, and it needs to be added to the DAG group.

remote site is connected via IPSEC tunnel to main site.  remote site network is


so for the DAG traffic, I need the 2nd NIC on the exchange server at the remote site to have IP in


how would I be able to route this traffic, or can I?


can I create a static route on the main site fortinet so that any traffic going to goes over the IPSEC tunnel to the remote site?

and then at the remote site, static route so that any traffic going to and goes over the IPSEC tunnel to the main site?




Valued Contributor

You can't route within the same subnet since the Server will assume the IP to be within his own net and won't bother sending it's packages to the FortiGate


so I set the dag group at the remote site to its own subnet, but DAG groups cannot have a gateway, so can I do static route for this traffic without a gateway?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors