Sunday, September 13, 2015

GRE tunnels fortigate

In this example, I will show you just how simple it is for building a GRE tunnel. In this case, I have 2 vdoms ( root and custA ). We will source the  GRE tunnels using the vdom-interlinks between the 2.

With  Fortinet method, you define the GRE tunnel under config system gre-tunnel  and  then you can modify the  parameters of this interface under the
config system interface.


Now here's the cfgs.

And a simple ping across the  output interface and capture.

 I've toggle the data pattern with 0101 using the execute ping-options

Take away points;

1: GRE has overhead so the 1500bytes mtu will not fit over this link
2: treat the actual GRE interface like a point 2 point link ( no arp )
3: ensure that the GRE end-points are  reachable
4: you can enable any allowaccess methods such as ping ssh https http
5: be aware of any trusthosts settings
6: no firewall-policy is needed for packets source from  the firewall for GRE

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
      /  \

1 comment:

  1. Good post. I learn something totally new and challenging on blogs I stumble upon on a daily basis. It will always be interesting to read articles from other authors and practice something from their websites...
    GRE Coaching in Chennai | GRE Training institutes in Chennai