marshalisms
New Contributor

Route all traffic on physical port x over IPSEC Tunnel and port 2 straight out WAN

I have a site-to-site VPN established between remote office A and Corp Headquarters.  Currently, all traffic from site A goes through the tunnel to corp, including internet traffic.


What I would like to accomplish is this:  Any traffic going through physical interface 1 goes through the tunnel and all traffic connected to physical interface 2 goes out the WAN and NOT through the tunnel.  The end goal of this is that anyone on WIFI would not be able to touch the corp network for security purposes. 


Is this possible?  I played around with it some but was not able to get it to work.

Toshi_Esumi
Esteemed Contributor III

You have to isolate/identify the traffic from WiFi first before you can re-direct the traffic to either interface1, interface2 or any tunnels. If they're already destined for interface1 or interface2, it's too late to yank them out and re-direct them somewhere else. They're already mixed with other "corporate/enterprise" traffic. And more importantly it wouldn't satisfy security audits/standards like PCI-DSS. We regularly do it at least with VLANs, or VDOMs if the auditor has a stricter standard.

Once you separate it, you can re-direct it wherever you want it to go.


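One way to put the reply's advice into a FortiGate configuration, given that the asker already has WiFi on its own physical port: identify the WiFi subnet, steer it out the WAN with a policy route (policy routes are evaluated before the routing table, so the default route into the tunnel is bypassed), and deny WiFi-to-tunnel with logging so any attempt is visible. This is an added example, not configuration from either poster, and it assumes WiFi on port2 (192.168.20.0/24), the internet-facing interface wan1 with next hop 203.0.113.1 (a documentation address), and a tunnel interface named to_corp:

```fortios
# Added example, not from the forum post. Assumed names: port2 = WiFi,
# wan1 = internet uplink (next hop 203.0.113.1), to_corp = IPsec tunnel.

# 1. Address object for the WiFi subnet, so policies can reference it
config firewall address
    edit "wifi_subnet"
        set subnet 192.168.20.0 255.255.255.0
    next
end

# 2. Policy route: packets entering port2 from the WiFi subnet exit via wan1.
#    This is checked before the routing table, so the 0.0.0.0/0 static route
#    that currently points into the tunnel is never consulted for WiFi.
config router policy
    edit 1
        set input-device "port2"
        set src "192.168.20.0/255.255.255.0"
        set gateway 203.0.113.1
        set output-device "wan1"
    next
end

# 3. Firewall policies: allow WiFi -> internet with NAT, and explicitly deny
#    WiFi -> tunnel with logging (the implicit deny would also block it, but
#    an explicit logged deny makes violations show up in the traffic log).
config firewall policy
    edit 0
        set name "wifi-to-internet"
        set srcintf "port2"
        set dstintf "wan1"
        set srcaddr "wifi_subnet"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "wifi-to-corp-deny"
        set srcintf "port2"
        set dstintf "to_corp"
        set srcaddr "wifi_subnet"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Verify with `diagnose firewall proute list` that the policy route is installed, then check the traffic log for hits on "wifi-to-corp-deny"; if a VLAN is used instead of a dedicated port, substitute the VLAN interface name for port2 throughout.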