Meraki

ocuevas · ‎Jul 18 2019

Hi community

I've a problem with VPN non-meraki vs Fortinet.

I need pass only IP to match with Forti, but meraki only allows pass subnets, no IPs, and I don't knwo how do to fix that.

Regards

Nash · ‎Jul 18 2019

Pass the entire subnet, then setup a site-to-site VPN firewall rule to only allow traffic between the authorized IP addresses.

Note that it LOOKS like there's an inbound firewall section, but there's not. There's only outbound rules.

Windows 10 Client VPN scripts: Makes life better!

ocuevas · ‎Jul 18 2019

Hi dear Nash.

Thanks for your request, but the problem is with the Fortinet, because it has not change this, it send only an IP, not a subnet.

Regards

Nash · ‎Jul 18 2019

The Fortinet will need to send the full subnet in order for the tunnel to come up. Sorry. 😕 It's a real bummer, and not as secure/granular as I would like.

Windows 10 Client VPN scripts: Makes life better!

ocuevas · ‎Jul 18 2019

Hi Nash.

Thanks for all.

I'll call to Fortinet.

Regards

BrechtSchamp · ‎Jul 19 2019

What do you mean by "only an IP". You can setup tunnels with (one or multiple) /32 subnets which are a single IP?

Nash · ‎Jul 19 2019

@BrechtSchamp The Meraki end will send its full subnet, won't it? Remote end can totally be a /32.

I think I was assuming that @ocuevas wanted to send only a single /32 IP from the Meraki end to the Fortigate end.

Windows 10 Client VPN scripts: Makes life better!

BrechtSchamp · ‎Jul 19 2019

Ah yes I see. I forgot that the local subnet isn't specified in the configuration but rather automatically used.

brad1 · ‎Jul 18 2019

I would contact Fortinet and ask them what they would suggest.

Meraki

Community

How to pass an only IP between VPN Site-to-site vs Fortinet

How to pass an only IP between VPN Site-to-site vs Fortinet