GRE tunnel, modify remote-gateway

I don't think you can modify the tunnel entries after it's configured. You can edit  a save cfg file  and then do a restoral.

or delete the tunnel and create it again.

Dear all,

Thank you for your help. It's a bad new, this firewall is in production and i can not reboot it as i want. I have a lot of policies so it is impossible to delete and renew the tunnel :(

In this case the best way is changing your configuration from backup and restore it as emnoc said.

Ok thank you very much.

Keep in mind  a configuration  restoral is going cause a reboot.

I think another trick would be o place the interface into a zone before you nail policies and then you add the new GRE tunnel into the same zone and delete the old one. But that would also require you to "remove" all policies in your case.

e.g

config system zone     edit "mytunnel"         set interface "tun1" "tun2"     next end

and

config system gre-tunnel     edit "tun1"         set remote-gw 199.111.111.1         set local-gw 10.10.80.1     next     edit "tun2"         set remote-gw 199.111.111.2         set local-gw 10.10.80.1     next end

But once you place these into a tunnel, you can  nail  a policy to just one tunnel, but it will allow you to add or remove tunnels if the need comes up. You don't have to 1+ interfaces in a zone, So you could place one member ( tun1 ) and then if tun1 ever needs to change, you add tun2 and delete tun1.

Either way, it's not a simple  1 2 3 , but with proper planning you can eliminate most of the hassle. And I wish Fortinet would remove this restriction and allow you to re-edit the gw ip_address

YMMV

Hello emnoc,

Thank you for your great help. Your idea about creating a zone looks wondurful for my situation. I think i'll do that :)

As you said, Fortinet should remove this restriction, it is a non-sense.

Bests Regards,

Vincent.