gniedy
New Contributor

Route Situation

Hi All,

Greetings, I hope all engineers here have a nice day.

I have a scenario and hope to find help.


I have a Fortinet in my environment but without a VPN license, so I created the VPN on my Juniper router. I have another office in another city where I configured the VPN with them. I connected the router to the FortiGate by the HA port and to the internal network with a local port. The HA port has a static IP 41.x.x.x and the internal network has three IP ranges: 10.x.x.x, 192.x.x.x and 172.x.x.x.

I have to connect the router to my internal network to make users able to connect to the VPN. Can I make a route table on my Fortinet by the HA port to avoid connecting the router to the internal network? I tried a policy route, but it prevented users from using the internet. Then I tried a static route with priority configuration, but nothing happened.

gniedy
New Contributor

No one can help me?

isamt

Hi,

It's not clear what it is you are trying to do.

For one, you do not need a license to run a VPN on the FortiGate; a license is only needed to do web filtering, AV, IPS scanning etc.

So you could create the VPN directly to the FortiGate.


Let us know what you are trying to achieve and, if possible, a diagram.

From what you describe, it should be very easy to configure what you need.


gniedy
New Contributor

Hello isamt,

All I need is to route internal users and allow them to access the other office's systems without connecting the router to the internal network.

Router IP: 41.x.x.x

FortiGate IP: 41.x.x.x (HA IP)

Internal IP: 10.x.x.x

Other office:

IP: 10.x.x.x

IP: 192.x.x.x

How could I make a route table on the FortiGate, and can I create a VPN on the FortiGate although there is a VPN on the router? Can both work?

isamt

Yes, you can have both VPNs running if you want.

In routing terms you have to make sure that, whatever route the client takes to get to the remote site, the remote site routes traffic back the same way, or you will get asymmetric routing, which many applications don't like and will not work properly with.


So in the local site, you would need to route the traffic for those users you want to use the FortiGate VPN to the FortiGate.

On the FortiGate you would just need a route for the remote subnet, pointing to the VPN tunnel.

You would also need to add a policy for the LAN to the remote site over the VPN tunnel.

At the remote site, you would need a route back to those users at the local site, sending traffic for those users' subnet back across the VPN tunnel to the FortiGate. Other traffic can be routed to the other VPN tunnel.

So the crux in this situation is making sure outbound traffic routes to the FortiGate, and then at the remote end the return traffic comes back via the FortiGate VPN tunnel.
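As an added example (not from this thread and not Fortinet's own documentation), this is the FortiGate side of the route-plus-policy setup isamt describes, in FortiOS CLI. The interface names "internal" and "to-remote-office", the address objects, the 10.0.0.0/24 local user subnet and the 10.20.0.0/16 remote subnet are assumptions; the tunnel interface is assumed to already exist as an IPsec phase1-interface.

```fortios
# Address objects for the local users and the remote office LAN (assumed values)
config firewall address
    edit "local-users"
        set subnet 10.0.0.0 255.255.255.0
    next
    edit "remote-office-lan"
        set subnet 10.20.0.0 255.255.0.0
    next
end

# Only the remote subnet is sent into the tunnel. The existing default route
# to the internet is not touched, so users keep normal internet access
# (the problem the original poster hit with a policy route).
config router static
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set device "to-remote-office"
        set comment "Remote office LAN via FortiGate IPsec tunnel"
    next
end

# Policy from the LAN into the tunnel, plus the return policy so that
# replies and connections initiated from the remote office are accepted.
config firewall policy
    edit 0
        set name "lan-to-remote-office"
        set srcintf "internal"
        set dstintf "to-remote-office"
        set srcaddr "local-users"
        set dstaddr "remote-office-lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "remote-office-to-lan"
        set srcintf "to-remote-office"
        set dstintf "internal"
        set srcaddr "remote-office-lan"
        set dstaddr "local-users"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The remote office needs the mirror image: a route for 10.0.0.0/24 pointing back into this tunnel rather than into the router's tunnel, otherwise the return path is asymmetric as isamt warns.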
