I need branch network subnet to access the internet through HQ firewall | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!I need branch network subnet to access the internet through HQ firewall

Author Post Essentials Only Full Version
cybernet2025 New Member Total Posts : 4 Scores: 0 Reward points: 0 Joined: 2020/12/06 17:26:37 Status: offline 2021/01/15 17:28:17 (permalink) 0 I need branch network subnet to access the internet through HQ firewall I need to route traffic from some branch network subnet to access the internet through HQ firewall via VPN IPsec site to site tunnel. Please advise me to solve this issue. Please see attached file for a detail. I need 10.2.2.0/24 at the right side to access the internet through HQ firewall at the left side. Attached Image(s) #1 2 Replies Related Threads
ede_pfau Expert Member Total Posts : 6466 Scores: 557 Reward points: 0 Joined: 2004/03/09 01:20:18 Location: Heidelberg, Germany Status: offline Re: I need branch network subnet to access the internet through HQ firewall 2021/01/16 02:57:51 (permalink) 0 hi, without going into greater detail here, this is a matter of routing and policies. The hosts on BR port4 need to have their default route point to the tunnel. Easy to do if you employ DHCP. Even easier if you allow ALL internet traffic to go to HQ, that is, including from the subnet on port3. If needed, you can assign (random) IP addresses to both ends of the tunnel (in the phase1 setup) which you can use as the routing gateway then. Then, in the VPN tunnel parameters, phase2, use wildcards for the networks (= '0.0.0.0/0'), instead of the known subnet addresses. In BR, you will already have a policy from LAN/port4 to the tunnel, I guess. In HQ, create an additional policy from tunnel to internet, enable NAT. In HQ, you will already have a route to the BR network on port4, pointing to the tunnel, and a policy allowing LAN to tunnel, I guess. Ede " Kernel panic: Aiee, killing interrupt handler!" #2
cybernet2025 New Member Total Posts : 4 Scores: 0 Reward points: 0 Joined: 2020/12/06 17:26:37 Status: offline Re: I need branch network subnet to access the internet through HQ firewall 2021/01/16 16:49:26 (permalink) 0 In BR, you will already have a policy from LAN/port4 to the tunnel, I guess. In HQ, create an additional policy from tunnel to internet, enable NAT. In HQ, you will already have a route to the BR network on port4, pointing to the tunnel, and a policy allowing LAN to tunnel, I guess. ==== Yes I have done. Please see attached for the details. If I configured routing 8.8.8.8/32 at BR to tunnel it's worked but it's effected to another network on branch firewall too. I don't want to do that I just need it to effect only 10.2.2.0/24 subnet. I want all traffic of 10.2.2.0/24 to route to tunnel and access the internet through HQ firewall. ==== HQ Policy BR Policy post edited by cybernet2025 - 2021/01/16 16:54:48 #3

Jump to:

© 2021 APG vNext Commercial Version 5.5