Sunday, September 13, 2015

GRE tunnels fortigate

In this example, I will show you just how simple it is for building a GRE tunnel. In this case, I have 2 vdoms ( root and custA ). We will source the  GRE tunnels using the vdom-interlinks between the 2.

With  Fortinet method, you define the GRE tunnel under config system gre-tunnel  and  then you can modify the  parameters of this interface under the
config system interface.







   





Now here's the cfgs.



And a simple ping across the  output interface and capture.


 I've toggle the data pattern with 0101 using the execute ping-options


Take away points;

1: GRE has overhead so the 1500bytes mtu will not fit over this link
2: treat the actual GRE interface like a point 2 point link ( no arp )
3: ensure that the GRE end-points are  reachable
4: you can enable any allowaccess methods such as ping ssh https http
5: be aware of any trusthosts settings
6: no firewall-policy is needed for packets source from  the firewall for GRE


Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \


No comments:

Post a Comment