Hi, it is a well-known problem: we have a Fortigate on AWS and have to
connect to two different customers by VPN with overlapping remote
subnets on their side. Let's say it is not possible to do NAT on the
customer firewalls. There are two scenarios: 1...
Hi, we have deployed a Fortigate cluster on AWS cloud, mostly used as a
VPN/NAT gateway. Now, as you usually have no layer 2 network on AWS,
there is no IP/MAC failover. As the cluster members are deployed in
multiple subnets/availability zones, the i...
Hi Graham, it is more a "convenience" thing: We were starting with a
"plain" vip without specifying port forwarding. Ran into the issue that it
overrides even the "ippool" setting for outgoing SNAT. As workaround
configured port-forwarding with full port r...
Hi Sachin, thanks, this clarified it. However we were seeing that it
also makes a difference if you are using just a "vip" (which forwards
all IP) or a "vip with port-forwarding": only vip even overrides the SNAT
ippool for traffic originating from t...
Thanks for the suggestion. I see, as we are using Linux as the OS on the
server side, we could - with respect to the Linux-configured dynamic port
range, which is 32768-60999 by default - limit the port forwarding on the
VIP to the lower ports, e.g. 1-3...
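Added example (not from the thread or from any of its participants) of the workaround discussed above in FortiOS CLI form: a VIP whose port forwarding stops below the Linux default ephemeral range, plus an ippool for the server's own outbound connections. Interface names, policy IDs and all addresses are assumptions; in particular, on AWS the VIP's extip is the secondary private IP that the Elastic IP is associated with, because the Internet Gateway does the public/private translation, not the Fortigate.

```fortios
# Added example, not from the thread. Assumptions: port1 is the AWS-facing
# interface, port2 faces the server subnet, 10.0.1.20 is the Linux server,
# 10.0.0.10 is a secondary private IP on port1 that an Elastic IP is
# associated with (AWS translates public<->private at the IGW, so the VIP
# uses the private address), and 10.0.0.11 is a second private IP on port1
# reserved for the SNAT pool.
config firewall address
    edit "srv-linux"
        set subnet 10.0.1.20 255.255.255.255
    next
end

# Inbound: VIP with port forwarding limited to ports below the Linux default
# ephemeral range (net.ipv4.ip_local_port_range = 32768 60999). Outbound
# connections from the server use source ports in that range, so they are
# not matched by this VIP's reverse mapping and fall through to the ippool
# on the outbound policy. Revisit the range if a service listens above
# 32767 or the sysctl is changed on the server.
config firewall vip
    edit "vip-srv-linux-tcp"
        set extip 10.0.0.10
        set extintf "port1"
        set portforward enable
        set mappedip "10.0.1.20"
        set protocol tcp
        set extport 1-32767
        set mappedport 1-32767
    next
end

# Outbound SNAT pool: the address the server's own connections leave with.
config firewall ippool
    edit "snat-srv-linux"
        set type overload
        set startip 10.0.0.11
        set endip 10.0.0.11
    next
end

config firewall policy
    edit 10
        set name "inbound-to-srv-linux"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "vip-srv-linux-tcp"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 11
        set name "outbound-from-srv-linux"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "srv-linux"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "snat-srv-linux"
    next
end
```

To check that the workaround took effect, open an outbound connection from the server and inspect the session table on the Fortigate with `diagnose sys session filter src 10.0.1.20` followed by `diagnose sys session list`: the translated source should be the pool address (10.0.0.11 here), not the VIP's extip. A plain VIP without `portforward enable` on the same host is the setting the thread describes as overriding the pool.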
Was there any solution for this? We have exactly the same scenario - in
our case it is even worse because we cannot use VDOMs on our end
(otherwise it would've been possible using VRFs and another VDOM). The
key feature to make a scenario like this wor...
No, VxLAN is not a solution, the firewalls on customer side are 3rd party
products and we have to keep the configuration as straightforward as
possible. Also there is no access customer 1 <-> customer 2 required.
Only connections between the customer s...