We are about to setup a new tunnel with another office which has a subnet that is in our encryption domain. The new office has a Fortinet cluster but they also have an 192.168.0.0/22 subnet. The diagram shows our current Checkpoint star community and we need to connect two sites to this cluster. I am interested in how would people suggest we best deal with this? I am guessing if we cannot change the subnet at one end then we will need to NAT the entire subnet at the Fortinet. I currently have the 3 checkpoint clusters setup as centre GW's in the start community so I assume it would be better to add the Fortinet as a satellite to the same community rather than create two new ones (connecting site 2 would not be a problem).
![Capture.JPG Capture.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/11669i5CED1DFD2AF406EB/image-size/medium?v=v2&px=400)