browsw
New Contributor

GRE tunnel to filtering host

Hi,

We are moving our filtering to the cloud and want to direct a local subnet through a GRE tunnel for filtering. I have set up a GRE tunnel, firewall rules and a Policy Route, but traffic is not going through the GRE (although it's trying, looking at FortiView).

 

Config:

config system gre-tunnel
    edit "GRE-to-Filtering"
        set interface "wan1"
        set remote-gw x.x.x.x — Remote firewall WAN IP
        set local-gw y.y.y.y — Local FW WAN1 IP
    next
end

config system interface
    edit "GRE-to-Filtering"
        set vdom "root"
        set ip 169.254.1.1 255.255.255.255 — Local Tunnel IP
        set allowaccess ping
        set type tunnel
        set remote-ip 169.254.1.2 255.255.255.255 — Remote Tunnel Endpoint IP
        set snmp-index 65
        set interface "wan1"
    next
end

 

This is the information I have been given by the filtering company:

Remote Outside IP: x.x.x.x
Remote Inside IP: 169.254.1.1
Filter Inside IP: 169.254.1.2
Inside Broadcast IP: 169.254.1.3

 

I only want certain subnets to go through the GRE tunnel, so I created this Policy Route:

Incoming interface: LAN

Source address: (required subnet to be filtered)

Action: Forward traffic

Outgoing interface: GRE-to-Filtering

Gateway address: 0.0.0.0

 

FW rules:

GRE-to-filtering -> Trust : Source: all / Destination: all / Service: all / NAT: no

Trust -> GRE-to-filtering: Source: all / Destination: all / Service: all / NAT: no

 

Any help appreciated!

 
