Example scenario - Forced Next Hop

This section provides a simple example on how to configure Office 365 to route directly to the internet whereas other web traffics are routed through the cloud service using the GRE Tunnel.

Example of a Forced Next Hop routing

Table 1. Access rule 1
Source Destination Services Action
Intranet Any Office 365 Allow

Here, the Office 365 traffic is routed directly to the internet using the normal routing table.

Table 2. Access rule 2
Source Destination Services Action
Intranet Any http or https

Allow

Forced Next Hop (IP Address behind the GRE Tunnel.

Here, the Forced Next Hop feature is configured for other web traffics, and hence other web traffics are routed to the cloud service using the GRE tunnel.

Note:

When the traffic that match the Access rule which has Forced Next Hop configured:

  1. Address specified in the Forced Next Hop is used in the route lookup instead of the destination address of the packet.
  2. Reply packets of the connection are allowed in antispoofing, like they come from the IP Address that is specified in the Forced Next Hop configuration.