Hello everyone, I'm curious if there is a way to filter inbound IPSec VPN
connections by source address per tunnel on FortiGate. So far I saw that
you can do it if you use IKE v2 and select the option "set
remote-gw-match", but this only allows any, i...

Hello everyone, I have two FortiGate units in standalone mode and both
have asymmetric routing enabled. I would like to re-design my network in
order to not enable asymmetric routing since enabling it is a (very) bad
security practice. So, here is th...

Hello everyone, Where I work we have a FortiGate 400E unit and I have
some doubts on how to manage internet access for some of the users, we
are using the profile based mode: Here's the scenario: Sales department
have a firewall rule "Sales department ...

Yes, I know that, but we come from SSL/VPN where this was easily
achieved using authentication rules, and we wanted to know if the same
could be achieved (somehow) with IPSec VPNs.

I already use that, to filter the source address as much as possible.
Unfortunately some people are allowed to connect from any IP address in
my country, so that makes the scope on the local-in policy to be
broader.

Hello everyone, After all, I believe that the best thing to do here is
get two small switches to put in the middle of the FG units and the L3
switch that is far away, in order to solve the problem of the links
termination. So if one FG unit fails, th...

I thank you for the fast responses and all the documentation and help
you have provided me on this matter. Seeing the HA documentation of
FortiGate units I saw this:
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/668583/fgsp
...

Yes, but I can only do that on one side of the diagram, because the
other L3 switch is physically separated, so the only thing that I have
on that side are the two fiber cables of the WAN link.