Created on 03-04-2024 10:39 PM Edited on 03-04-2024 10:40 PM By Anthony_E
Description |
This article describes NP7 offload support for GRE tunnels and a behavior seen after a route change. Refer to the fast path requirements for more details: NP7 session fast path requirements
In the example topology, the GRE tunnel can be established over ISP1 via port1 or over ISP2 via port2, and is bound to the loopback interface. The GRE setup is as follows:
    set interface "lo1"
    set remote-gw 192.168.189.1
    set local-gw 192.168.188.1
next
When the GRE tunnel is first established to the remote side over ISP1 and the route to the GRE remote-gw then changes from port1 to port2, the following behavior occurs:
Routing table:
    S 192.168.189.1/32 [10/0] via 192.168.0.2, port2, [10/0]
                       [10/0] via 10.47.16.48, port1, [100/0] <----- port1 priority becomes higher.
Packet captures taken on the uplink device(s) connected to FortiGate port1 and port2 show the following:
The first two packets flow correctly over the new path (port2) because this traffic is handled by FortiOS. However, once the traffic is offloaded to the NP7, the rest of it still flows over the old path (port1). |
Scope | FortiGate with NP7. |
Solution |
config firewall policy
    edit 3
        set name "LAN>GRE1"
        set srcintf "port9"
        set dstintf "GRE-1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set auto-asic-offload disable <-----
    next
end
Note: The traffic going through the GRE tunnel will not be offloaded. |
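An added example, not part of the original article or of Fortinet's tooling: a Python check over a saved configuration backup that lists firewall policies referencing a GRE tunnel interface without `set auto-asic-offload disable`. The sample configuration is constructed (policy 4 is hypothetical), the function names are this example's own, and it assumes that an absent `auto-asic-offload` line means the default of enable and that policies using the tunnel as either source or destination interface are of interest.

```python
import shlex

# Constructed sample backup: policy 3 mirrors the article, policy 4 is hypothetical.
SAMPLE_CONFIG = """\
config system gre-tunnel
    edit "GRE-1"
        set interface "lo1"
        set remote-gw 192.168.189.1
    next
end
config firewall policy
    edit 3
        set srcintf "port9"
        set dstintf "GRE-1"
        set auto-asic-offload disable
    next
    edit 4
        set srcintf "GRE-1"
        set dstintf "port9"
    next
end
"""

def parse_section(config, section):
    """Return {edit_id: {option: [values]}} for one top-level config block."""
    entries, current, inside, depth = {}, None, False, 0
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == f"config {section}"
        elif line.startswith("config "):
            depth += 1                      # nested table: skip its contents
        elif line == "end":
            if depth == 0:
                break                       # end of the section we wanted
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and line.startswith("set ") and current is not None:
            key, *values = shlex.split(line[4:])
            current[key] = values
    return entries

def gre_policies_still_offloaded(config):
    """Policy IDs that use a GRE tunnel without 'auto-asic-offload disable'.
    Assumption: an absent auto-asic-offload line means the default (enable)."""
    tunnels = set(parse_section(config, "system gre-tunnel"))
    return [pid for pid, opts in parse_section(config, "firewall policy").items()
            if tunnels & set(opts.get("srcintf", []) + opts.get("dstintf", []))
            and opts.get("auto-asic-offload") != ["disable"]]
```

Calling `gre_policies_still_offloaded()` on the text of a configuration backup returns the policy IDs to review; on the constructed sample it returns policy 4 only.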
Copyright 2024 Fortinet, Inc. All Rights Reserved.