Hi, I am facing a problem connecting my FortiClient users to Google Cloud. If you have any solution, please share.
1) FortiClient users are connected to the FortiGate via IPsec VPN. FortiClient users' IP range: 192.168.30.0/24
2) The FortiGate LAN and the Google Cloud servers are connected via a separate IPsec VPN.
3) So how will the FortiClient users be able to access the servers in Google Cloud? Please check the attached image for details.
What is your configuration at the hub and spoke to GCP?
Are you using quad 0.0.0.0/0 TS, or are you using specific TS?
How does GCP learn of the routes at the cloud gateway?
Is the FortiClient tunnel all or split? If the latter, are you advertising the GCP address range to the clients?
So many questions you have to research and provide answers.
Ken Felix
PCNSE
NSE
StrongSwan
In GCP, two servers are connected in a private network. GCP and the HQ FortiGate have an IPsec tunnel using specific TS.
I have created a static route towards the IPsec tunnel from HQ to GCP and vice versa.
FortiClient is configured with split tunnel.
Can you please elaborate a standard process for my situation?
cmd.exe "netstat -nr" on the machine hosting the FortiClient: do you have the GCP destination?
diag debug enable
diag debug flow filter daddr x.x.x.x
diag debug flow filter saddr y.y.y.y
diag debug flow show console
diag debug flow trace start 20
# x.x.x.x == something in GCP
# y.y.y.y == FC assigned address
Initiate some traffic and investigate.
Does the FGT show any action? Does it find a route? A policy? Allow or drop? Encrypted or not? Is NAT disabled or showing up?
Many questions; you have to do some first-level trace and debug.
Ken Felix
PCNSE
NSE
StrongSwan
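Added example, not part of the thread: a small Python model of the three things the replies ask about, namely whether the client has a split-tunnel route to GCP, whether the HQ-to-GCP tunnel's specific traffic selectors cover the FortiClient source range, and whether GCP has a return route to that range. Only 192.168.30.0/24 comes from the thread; the HQ LAN, GCP subnet and host addresses are constructed sample values, and the model does prefix matching only (no firewall policy or NAT).

```python
import ipaddress as ip

def covers(nets, addr):
    """True if addr falls inside any of the given prefixes."""
    a = ip.ip_address(addr)
    return any(a in ip.ip_network(n) for n in nets)

def selector_match(selectors, src, dst):
    """True if some (local, remote) traffic selector pair covers src -> dst."""
    return any(covers([loc], src) and covers([rem], dst) for loc, rem in selectors)

def check_path(client_ip, server_ip, split_routes, hq_selectors, gcp_return_routes):
    """Return the points where client -> server traffic would fail."""
    problems = []
    # 1. Split tunnel: the client only sends listed prefixes into the VPN.
    if not covers(split_routes, server_ip):
        problems.append("client: no split-tunnel route to server")
    # 2. Specific TS: the HQ-GCP tunnel only carries matching src/dst pairs.
    if not selector_match(hq_selectors, client_ip, server_ip):
        problems.append("hq-gcp tunnel: client source outside traffic selectors")
    # 3. Return path: GCP must route the client pool back into the tunnel.
    if not covers(gcp_return_routes, client_ip):
        problems.append("gcp: no return route to client pool")
    return problems

# Constructed sample values, except POOL, which is the range given in the thread.
POOL = "192.168.30.0/24"
CLIENT = "192.168.30.10"      # an address assigned from POOL (constructed)
HQ_LAN = "192.168.1.0/24"     # assumed HQ LAN
GCP_NET = "10.128.0.0/20"     # assumed GCP private subnet
SERVER = "10.128.0.5"         # assumed GCP server

# LAN-only setup: everything references the HQ LAN, nothing references POOL.
before = check_path(CLIENT, SERVER, [HQ_LAN], [(HQ_LAN, GCP_NET)], [HQ_LAN])

# Same setup with the GCP prefix pushed to clients and POOL added on both ends.
after = check_path(CLIENT, SERVER, [HQ_LAN, GCP_NET],
                   [(HQ_LAN, GCP_NET), (POOL, GCP_NET)], [HQ_LAN, POOL])

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
```

Each reported problem corresponds to one place to look: the `netstat -nr` output on the client, the debug flow trace on the FortiGate, and the route table on the GCP side.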