Create FortiGate GRE Tunnel.
Generic Routing Encapsulation (GRE) can provide a private, secure path for transporting packets through an otherwise public network. It does this by encapsulating the data packets and redirecting them to a device that de-encapsulates them and routes them to their final destination. This allows the source and destination switches to operate as if they have a virtual point-to-point connection. GRE by itself only encapsulates: it does not encrypt or authenticate the payload, so confidentiality comes from the VPN tunnel it is carried over, as in the use case below.
NOTE: It works on Layer 3
We mostly use GRE tunnels to let routing protocols such as OSPF, EIGRP or RIP share information with other devices across a VPN tunnel, but it is also a wonderful troubleshooting option, for example when MPLS may be blocking traffic.
Creating GRE between 2 sites (A & B)
SITE A:
config system gre-tunnel
edit "GRE-to-SITEB"
set interface "WAN1"
# Remote firewall WAN IP
set remote-gw 2.2.2.1
# Local FW WAN1 IP
set local-gw 1.1.1.1
next
end
config system interface
edit "GRE-to-SITEB"
set vdom "root"
# Local Tunnel IP
set ip 192.168.254.1 255.255.255.255
set allowaccess ping
set type tunnel
# Remote Tunnel Endpoint IP
set remote-ip 192.168.254.2
set snmp-index 65
set interface "WAN1"
next
end
SITE B:
config system gre-tunnel
edit "GRE-to-SITEA"
set interface "wan1"
# Remote firewall (Site A) WAN IP
set remote-gw 1.1.1.1
# Local FW (Site B) wan1 IP
set local-gw 2.2.2.1
next
end
config system interface
edit "GRE-to-SITEA"
set vdom "root"
# Local Tunnel IP
set ip 192.168.254.2 255.255.255.255
set allowaccess ping
set type tunnel
# Remote Tunnel Endpoint IP
set remote-ip 192.168.254.1
set snmp-index 8
set interface "wan1"
next
end
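The two site blocks must mirror each other: each side's local-gw is the other's remote-gw, and the tunnel ip and remote-ip are swapped. The following check is an added example, not part of the original post; TEMPLATE, parse and check_pair are hypothetical names, and it assumes one GRE tunnel per site and that the interface entry name must match the gre-tunnel name exactly.

```python
# Constructed sample template and inputs, using the page's key names and addresses.
TEMPLATE = """config system gre-tunnel
edit "{gre}"
set remote-gw {rgw}
set local-gw {lgw}
next
end
config system interface
edit "{iface}"
set ip {ip} 255.255.255.255
set remote-ip {rip}
next
end"""
SITE_A = TEMPLATE.format(gre="GRE-to-SITEB", iface="GRE-to-SITEB",
                         lgw="1.1.1.1", rgw="2.2.2.1", ip="192.168.254.1", rip="192.168.254.2")
SITE_B = TEMPLATE.format(gre="GRE-to-SITEA", iface="GRE-to-SITEA",
                         lgw="2.2.2.1", rgw="1.1.1.1", ip="192.168.254.2", rip="192.168.254.1")

def parse(cfg):
    """Return {section: {entry name: {key: value}}} from FortiOS CLI text."""
    out, section, entry = {}, None, None
    for line in map(str.strip, cfg.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "config":
            section = out.setdefault(rest, {})
        elif word == "edit" and section is not None:
            entry = section.setdefault(rest.strip('"'), {})
        elif word == "set" and entry is not None:
            key, _, value = rest.partition(" ")
            entry[key] = value.strip('"')
        elif word == "end":
            section = entry = None
    return out

def check_pair(cfg_a, cfg_b):
    """List the ways two sites' GRE settings fail to mirror each other."""
    problems, ends = [], []
    for site, cfg in (("A", cfg_a), ("B", cfg_b)):
        p = parse(cfg)
        (name, gre), = p["system gre-tunnel"].items()  # assumes one tunnel per site
        iface = p.get("system interface", {}).get(name, {})  # exact, case-sensitive match
        if not iface:
            problems.append(f"site {site}: no interface entry named {name}")
        ends.append((gre.get("local-gw"), gre.get("remote-gw"),
                     iface.get("ip", "").partition(" ")[0], iface.get("remote-ip")))
    (a_lgw, a_rgw, a_ip, a_rip), (b_lgw, b_rgw, b_ip, b_rip) = ends
    if (a_lgw, a_rgw) != (b_rgw, b_lgw):
        problems.append("local-gw/remote-gw are not swapped between sites")
    if (a_ip, a_rip) != (b_rip, b_ip):
        problems.append("tunnel ip/remote-ip are not swapped between sites")
    return problems
```

`check_pair(SITE_A, SITE_B)` returns an empty list for a correctly mirrored pair; each string it returns names one mismatch to fix before bringing the tunnel up.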