Hello,
Sorry if this question has been answered earlier, but I struggle to find exactly what to search for. I'm quite new to Fortigate products, and I need some help with this issue.
We have one main location, where our different sites are connected (see attached drawing). We want to allow traffic coming from one location (site) to enter the main location, and then be allowed to also connect to the other vpn sites that are connected. I would also like some help in the correct name/term used to explain this traffic. Meaning that clients on the one site, can access servers/clients on the other sites that are connected to the main VPN connection.
If someone could give me a short explanation of how this is set up in the Fortigate GUI/web interface, it would be much appreciated.
Welcome to the forums.
It's basically just routing. In order for this to happen on a Fortigate, the VPN tunnels should be configured in interface mode. Once this happens, policies can be built between interfaces (AKA tunnels or sites) just like any interface native to the firewall. That is a very general explanation, but it's accurate.
Bob
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thanks for your reply!
I was hoping somebody could give a closer description of the theory behind it and the setup. Right now I have two VPN tunnels set up (site-to-site) on my primary Fortigate/HQ. But clients on one site can't reach the people on the other site. Both can, without problem, reach the clients connected to the HQ site.
There are some examples of hub and spoke configurations that allow communication between the spokes in the online manuals. The examples include both the routing and the security policies needed.
For 5.4.x hub and spoke examples:
Note that if your various spokes or the hub have overlapping subnets you'll have to work around that. A cookbook article on this is at http://cookbook.fortinet.com/vpn-overlapping-subnets/.
For safety/security, you should use local-in policy to blackhole all RFC1918 private networks unless they go through your VPN, so that if your VPN is down you don't accidentally route vpn traffic elsewhere. Discussion at:
https://forum.fortinet.com/tm.aspx?m=100686 and https://forum.fortinet.com/tm.aspx?m=87069#87069.
Hope this helps.
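As an added example (not from any of the posts above or from Fortinet's manuals), here is the hub-side FortiOS CLI that puts the two answers above into practice: static routes to each spoke over its interface-mode tunnel, policies between the two tunnel interfaces so spoke traffic can pass through the hub, and RFC 1918 blackholes so spoke subnets do not leak out the WAN while a tunnel is down (done here with blackhole static routes rather than local-in policy). Assumed: tunnel interfaces toSiteB and toSiteC already exist in interface mode, spoke LANs are 192.168.20.0/24 and 192.168.30.0/24, and each spoke has phase 2 selectors and a route covering the other spoke's subnet via its own tunnel.

```fortios
# Hub FortiGate (site A). Tunnel names and subnets are assumed; the interface-mode
# phase1/phase2 definitions for toSiteB and toSiteC are assumed to exist already.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "toSiteB"
    next
    edit 0
        set dst 192.168.30.0 255.255.255.0
        set device "toSiteC"
    next
    # RFC 1918 blackholes at distance 254: the tunnel route wins while it is up;
    # if it drops, spoke traffic is discarded instead of leaving via the default route.
    edit 0
        set dst 10.0.0.0 255.0.0.0
        set blackhole enable
        set distance 254
    next
    edit 0
        set dst 172.16.0.0 255.240.0.0
        set blackhole enable
        set distance 254
    next
    edit 0
        set dst 192.168.0.0 255.255.0.0
        set blackhole enable
        set distance 254
    next
end
config firewall policy
    # Spoke-to-spoke, one policy per direction, tunnel to tunnel, no NAT (narrow srcaddr/dstaddr to the spoke subnets in production)
    edit 0
        set srcintf "toSiteB"
        set dstintf "toSiteC"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set srcintf "toSiteC"
        set dstintf "toSiteB"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Verify on the hub with `get router info routing-table all` (the /24 tunnel routes should sit above the /8, /12 and /16 blackholes) and `diagnose sniffer packet toSiteC` while pinging from site B.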
I need help on the same matter. We have 3 locations (A, B and C) in different parts of the country...
Let's say A is the HQ and B and C are the branches.
Now, how can I configure the FortiGate so that A, B, and C can communicate with each other?
Please explain the procedure to me in detail... thanks