To set up a GRE tunnel between Netskope and a FortiGate firewall and create a second static route with the same distance but lower priority, follow these steps:1. Create the GRE Tunnel in Netskope:
- Navigate to Settings > Security Cloud Platform > GRE.
- Click New GRE Configuration.
- Enter the required details and save the configuration.
- Copy the GRE Gateway IP addresses of the two closest Netskope POPs.2. Configure the GRE Tunnel in FortiGate:
- Use the following CLI commands:
shell
config system gre tunnel
edit "GRE NETSKOPE"
set interface "port1"
set remote gw <Netskope POP IP>
set local gw <Local IP>
next
end 3. Configure the GRE Interface:
- CLI commands:
shell
config system interface
edit "GRE NETSKOPE"
set ip 192.168.254.1 255.255.255.255
set allowaccess ping
set interface "port1"
next
end 4. Create the Static Routes:
- First static route:
shell
config router static
edit 1
set distance 5
set priority 10
set device "GRE NETSKOPE"
next
end - Second static route with the same distance but lower priority:
shell
config router static
edit 2
set distance 5
set priority 20
set device "GRE NETSKOPE"
next
end 5. Verify the Routes:
- Use the following command to verify that the routes are installed correctly:
shell
get router info routing table all
If the second static route does not show up in the route table, ensure that the digit numbers used in the edit commands do not overlap with existing policies and that the configuration is correctly applied.For more detailed steps, refer to the Netskope GRE with Fortinet FortiGate guide.
Reference documentation:
https://docs.netskope.com/en/netskope-help/integrations-439794/ipsec-and-gre/netskope-gre-with-fortinet-fortigate/