We have some FortiGate 30D units in our branch offices; they are connected to our HQ FortiGate (IPsec tunnel with an active policy route to route all traffic through the VPN tunnel). Routing is working fine in the branch offices.
Now I have created a script for daily backups (export full-config to a TFTP server).
The script is working fine, but only in HQ. All 30D devices are getting a timeout, see attachment.
Could someone tell me why the remote HQ network 172.16.0.0/16 is not reachable when I'm using the FGT CLI?
Hi, I am also facing the same problem. We want to take the configuration backup on an AWS instance.
Between AWS and my office, we have a site-to-site VPN tunnel.
I am able to ping the AWS instance over the VPN from the laptop, and the same from AWS to the laptop, but from the firewall, if I execute ping x.x.x.x, the AWS instance is not pingable until I use the source command and provide the source IP. Now I want to take a configuration backup of the FortiGate firewall using the command execute backup config tftp <backup_filename> <tftp_servers> <password>. The backup configuration is not executing over the site-to-site VPN, but on the other hand, the same command is working for my LAN TFTP server.
The original post was about a site-to-site VPN, and the source/IPsec interface IP was 10.255.255.6. Probably it was not included in the phase2 network selectors to go into the tunnel.
I don't know AWS's VPNs, but is it allowing traffic sourced from the VPN interface IP? You can check it if you set the ping-option source to be the interface IP (169.something?) toward the TFTP server. If you can't, you probably want to ask AWS support for help.
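
Added example (not part of any post in this thread, and not Fortinet code): a small model of the phase 2 selector check the reply describes, showing why traffic sourced from the tunnel interface IP 10.255.255.6 can miss the tunnel while LAN-sourced traffic passes. The branch LAN 192.168.10.0/24, its interface address and the TFTP server address 172.16.1.50 are constructed assumptions; only 10.255.255.6 and 172.16.0.0/16 come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed phase 2 selectors as (local subnet, remote subnet) pairs.
# 192.168.10.0/24 is an assumed branch LAN; 172.16.0.0/16 is the HQ network from the thread.
PHASE2_SELECTORS = [("192.168.10.0/24", "172.16.0.0/16")]

# Candidate source addresses on the branch firewall.
LOCAL_ADDRESSES = {
    "ipsec tunnel interface": "10.255.255.6",  # from the thread
    "lan interface": "192.168.10.1",           # assumed
}

TFTP_SERVER = "172.16.1.50"  # assumed host inside the HQ network


def matches_selector(src, dst, selectors):
    """True if (src, dst) falls inside at least one (local, remote) selector pair."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(loc) and d in ip_network(rem)
               for loc, rem in selectors)


def usable_sources(dst, addresses, selectors):
    """Names of local addresses whose traffic to dst the selectors accept."""
    return sorted(name for name, ip in addresses.items()
                  if matches_selector(ip, dst, selectors))


if __name__ == "__main__":
    for name, ip in LOCAL_ADDRESSES.items():
        ok = matches_selector(ip, TFTP_SERVER, PHASE2_SELECTORS)
        verdict = "enters tunnel" if ok else "no matching selector"
        print(f"{name:24} {ip:15} -> {TFTP_SERVER}: {verdict}")

    # Adding a selector for the tunnel interface IP lets firewall-originated
    # traffic match as well (the peer must carry the mirrored selector).
    widened = PHASE2_SELECTORS + [("10.255.255.6/32", "172.16.0.0/16")]
    print(usable_sources(TFTP_SERVER, LOCAL_ADDRESSES, widened))
```

Selectors of 0.0.0.0/0 on both sides accept every source, so in that case the cause lies elsewhere, for example in what the remote gateway accepts.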