An IPSEC tunnel is already working from the main office to the Web App (3rd Party). What we need is for traffic destined for the third party to pass through the main office from the remote office, which is already using an IPSEC tunnel for traffic to the main office. The company has only paid for 1 VPN tunnel, so I can't go directly from the remote office. I would appreciate any help. If more information/images are required, please let me know.
Both the remote and main office firewalls are using Firmware v7.2.5 build1517 (Feature)
If you can't change the VPN configuration on the 3rd party side, and if it's configured to reach only one subnet, then a solution could be to NAT the requests coming from the Remote office using one of the IPs of the Main office.
Hi @FTAdmin,
You will need to add 3rd party and remote office networks to phase2 selectors of IPsec tunnels and create firewall policies to allow traffic between 3rd party and remote office tunnels.
Regards,
Edit the phase 2 selectors of the main office IPsec tunnel to the 3rd party to include the remote office network the workstations are using?
@FTAdmin You need to follow the steps below:
1. You need to add the 3rd party address in the phase-2 selectors of the main firewall if that traffic is behind the main firewall.
2. You can configure SNAT/DNAT for this traffic to move traffic from main to the third party web app if the traffic is being NATed after hitting the main firewall.
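The NAT approach suggested in the replies above, written out as FortiOS CLI for the main office firewall. This is an added example, not configuration from any poster in the thread. The tunnel names, subnets, NAT address and the HTTPS service are assumptions, and the `#` lines are annotations for the reader.

```fortios
# --- Main office FortiGate (hub) ---
# Constructed values: remote office LAN 10.20.0.0/24, main office LAN 10.10.0.0/24,
# 3rd-party web app subnet 172.16.50.0/24, NAT address 10.10.0.250 (inside the main
# office subnet the 3rd party already accepts). Tunnel names are hypothetical.

# Extra phase 2 selector on the existing tunnel to the remote office,
# so traffic between the remote LAN and the web app subnet is carried.
config vpn ipsec phase2-interface
    edit "to-remote-webapp"
        set phase1name "to-remote"
        set src-subnet 172.16.50.0 255.255.255.0
        set dst-subnet 10.20.0.0 255.255.255.0
    next
end

# Single-address pool used to hide the remote office behind a main office IP.
config firewall ippool
    edit "webapp-snat"
        set type overload
        set startip 10.10.0.250
        set endip 10.10.0.250
    next
end

config firewall address
    edit "remote-office-lan"
        set subnet 10.20.0.0 255.255.255.0
    next
    edit "webapp-net"
        set subnet 172.16.50.0 255.255.255.0
    next
end

# Tunnel-to-tunnel policy, scoped to the web app subnet and one service only.
config firewall policy
    edit 0
        set name "remote-to-webapp"
        set srcintf "to-remote"
        set dstintf "to-3rdparty"
        set srcaddr "remote-office-lan"
        set dstaddr "webapp-net"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
        set ippool enable
        set poolname "webapp-snat"
    next
end
```

The remote office firewall needs the mirrored phase 2 selector (source 10.20.0.0/24, destination 172.16.50.0/24), a static route for the web app subnet over its tunnel to the main office, and a matching outbound policy. Because the source is translated to a main office address, the 3rd party's selectors stay unchanged.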