Trying to manage monitoring and security systems for two locations out of the main office; in order for this to work our security company wants 3 ports on a switch at the remote office that will connect to the main office network.
Can I create a site to site VPN for only specific ports or devices?
Main Office using FortiGate 100E (static external IP) internal network 10.20.0.1/255.255.254.0
Remote Office using FortiGate 100F (static external IP) internal network 10.20.0.1/255.255.255.0
Your description of the requirement is a little unclear.
But since the intention seems to be allowing only a small sub-group of the remote office's network, rather than specific devices/users, to be able to connect to the main office, I would separate a subnet for the sub-group, those three ports of the switch, likely with new VLAN access ports, then terminate the VLAN at the 100F. If you want, you can set up a DHCP server separated from the current subnet/interface.
Once you separate the subnet, it's very easy to create a site-to-site VPN specifically for that group to the main office.
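An added planning check for the approach in the answer above, not part of the original thread and not Fortinet code: it takes the two LANs exactly as posted, picks a subnet for the three security ports that overlaps neither office LAN, and derives the selector pair that limits the tunnel to that subnet. The `10.20.0.0/16` pool, the `/28` size, the sample host addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# LANs as posted in the question (interface address / netmask).
MAIN_LAN = ipaddress.ip_interface("10.20.0.1/255.255.254.0").network    # 100E
REMOTE_LAN = ipaddress.ip_interface("10.20.0.1/255.255.255.0").network  # 100F
# Assumption: the range new subnets may be carved from, and a /28 for the VLAN.
POOL = ipaddress.ip_network("10.20.0.0/16")

def overlaps(candidate, existing):
    """Return the existing networks that share addresses with candidate."""
    return [net for net in existing if candidate.overlaps(net)]

def pick_vlan_subnet(pool, prefixlen, existing):
    """First subnet of the requested size in pool that overlaps no existing LAN."""
    for subnet in pool.subnets(new_prefix=prefixlen):
        if not overlaps(subnet, existing):
            return subnet
    raise ValueError("no free subnet of that size in the pool")

def selectors(vlan_subnet, main_lan):
    """Tunnel selector pair seen from the remote 100F, in address/netmask form."""
    return {"local": vlan_subnet.with_netmask, "remote": main_lan.with_netmask}

def in_tunnel(host, vlan_subnet):
    """True if a remote-office host's source address matches the local selector."""
    return ipaddress.ip_address(host) in vlan_subnet

if __name__ == "__main__":
    print("remote LAN overlaps:", overlaps(REMOTE_LAN, [MAIN_LAN]))
    vlan = pick_vlan_subnet(POOL, 28, [MAIN_LAN, REMOTE_LAN])
    print("security VLAN:", vlan, selectors(vlan, MAIN_LAN))
    # Constructed hosts: one on the new VLAN, one on the existing office LAN.
    for host in ("10.20.2.5", "10.20.0.40"):
        print(host, "matches tunnel selector:", in_tunnel(host, vlan))
```

The existing remote LAN as posted sits inside the main office's address range, which is why the check rejects it as a tunnel source and a dedicated subnet for the three ports is needed.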