I am trying to build a lab for SDWAN using the Fortigates and ADVPN as
it is similar to a client environment that I support. The tunnels come
up fine and BGP comes up fine as well. However, the PCs cannot ping each
other. The firewall rule is pretty ...
Here is a session capture through the Hub. (Note: I never see the packet
leave the firewall (this is consistent with the problem before and what
I am seeing across all four sites)):
2024-03-05 07:28:44 id=65308 trace_id=1 func=print_pkt_detail line=58...
Here are the system interface configs:
(Hub)
    edit "advpn-hub"
        set vdom "root"
        set ip 172.30.0.1 255.255.255.255
        set allowaccess ping
        set type tunnel
        set tcp-mss 1360
        set remote-ip 172.30.0.2 255.255.254.0
        set snmp-index 9
        set interface "port1"
        set mtu-override...
All the IPs on the Internet side are reachable from all firewalls, so
they can ping the external addresses. Here are the phase-1 configs:
(Hub)
config vpn ipsec phase1-interface
    edit "advpn-hub"
        set type dynamic
        set interface "port1"
        set peertype any
        set n...
The set add-route disable is configured on all the tunnels on all four
firewalls. IPs are configured correctly on the tunnel interfaces. On the
HUB, the remote-ip is a DUMP not used by any spoke with the correct
subnet. On the SPOKEs, the remote IP i...
I want to work on this issue again. I have rebuilt the lab from the
ground up and I am running into the same problem. Here is the current
setup. No matter which site I choose, the traffic never goes past the
firewall. The routing and VPN tunnels seem to ...