Spoke to Spoke (both spoke and Hub in same region) Communication via FortiGate firewall (Hub)

Hello Community members


I have one question here

I have three spokes and a Hub which are in the same region.

How do I force communication via a Hub Firewall because 


Spoke 1

Spoke 2


Hub :


For the firewall, traffic from both spokes is coming from the LAN interface of the firewall, and as per rule I cannot create a policy as the source is the same interface.

But I want to introduce firewall in between two spokes.


How can this be achieved?

You have your hub VNet with the firewall in place. Then you need a peering from hub to Spoke 1 and a peering from hub to Spoke 2... Within your spokes, all subnets need a UDR with at least one route > next hop IP of your FortiGate (internal interface).
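
The peering and UDR layout described in the reply above, written out as an added Terraform example that is not part of the original thread. It assumes a configured `azurerm` provider, existing VNets in one resource group, and one workload subnet per spoke; all variable names are hypothetical and you supply the IDs, prefixes and the FortiGate internal IP.

```hcl
# Added example: variable names and the one-subnet-per-spoke shape are assumptions.
variable "rg" { type = string }
variable "location" { type = string }
variable "hub_vnet" { type = object({ name = string, id = string }) }
variable "fortigate_lan_ip" { type = string } # FortiGate internal interface IP
variable "spokes" {
  type = map(object({ vnet_name = string, vnet_id = string, subnet_id = string, prefix = string }))
}

# Each spoke peers only with the hub; spokes are never peered with each other.
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  for_each                  = var.spokes
  name                      = "hub-to-${each.key}"
  resource_group_name       = var.rg
  virtual_network_name      = var.hub_vnet.name
  remote_virtual_network_id = each.value.vnet_id
}

resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  for_each                  = var.spokes
  name                      = "${each.key}-to-hub"
  resource_group_name       = var.rg
  virtual_network_name      = each.value.vnet_name
  remote_virtual_network_id = var.hub_vnet.id
  allow_forwarded_traffic   = true # accept packets the firewall forwards from other spokes
}

# One route table per spoke: every OTHER spoke's prefix points at the firewall.
resource "azurerm_route_table" "spoke" {
  for_each            = var.spokes
  name                = "rt-${each.key}"
  location            = var.location
  resource_group_name = var.rg
  dynamic "route" {
    for_each = { for k, v in var.spokes : k => v.prefix if k != each.key }
    content {
      name                   = "to-${route.key}-via-fortigate"
      address_prefix         = route.value
      next_hop_type          = "VirtualAppliance"
      next_hop_in_ip_address = var.fortigate_lan_ip
    }
  }
}

resource "azurerm_subnet_route_table_association" "spoke" {
  for_each       = var.spokes
  subnet_id      = each.value.subnet_id
  route_table_id = azurerm_route_table.spoke[each.key].id
}
```

After applying, the effective routes on a spoke NIC should list each remote spoke prefix with next hop type `VirtualAppliance`; if they do not, the route table is not associated with that subnet.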