Configuring hub to hub tunnels
FortiManager VPN Manager supports building Hub-to-Hub tunnels, when VPN Community contains two Hubs. All we need to do is to specify a Hub-to-Hub underlay port for each Hub.
Edit each Hub in both communities and set the right Hub-to-Hub port ( port1 for OL_INET Hubs, port4 for OL_MPLS Hubs):
Now run Install Wizard for the DC policy package and, right before completing the installation, click on “Install Preview”:
You will see how FMG creates two Site-to-Site IPSEC tunnels, one over each underlay. Note the naming: FMG is using the ID of the remote Hub for each tunnel, so it is again predictable, since we have manually set the Hub IDs via Postman.
Complete policy installation.