I'm somewhat new to IPsec VPNs on FortiGate, and am having some trouble figuring out how to send all local traffic (including from the FortiGate itself) over the tunnel to the hub site. Our security policy dictates that we don't do any split tunneling, which includes traffic originating from the firewall, switch, and APs at the site talking to Fortinet. We have no issue with user traffic, which is working perfectly, but traffic that originates from the secure fabric is not going across the tunnel for licensing and registration and such.
I'm sure it's something simple...
Check the doc below: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
You can also check: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/520377
Here you can choose your config and go ahead and check whether the config was correctly added or not.
To force all local traffic, including traffic originating from the FortiGate itself, to go over the IPsec VPN tunnel, you'll need to set up a specific policy and routing configuration.
Hello Absolut0128,
May I know if the FortiGate is in HA or standalone?
Could you please refer to the link below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Self-originating-traffic-over-IPSec-VPN-Fo...
Regards,
Nagaraju.