Example scenario - Forced Next Hop
This section provides a simple example on how to configure Office 365 to route directly to the internet whereas other web traffics are routed through the cloud service using the GRE Tunnel.
Example of a Forced Next Hop routing
| Source | Destination | Services | Action |
|---|---|---|---|
| Intranet | Any | Office 365 | Allow |
Here, the Office 365 traffic is routed directly to the internet using the normal routing table.
| Source | Destination | Services | Action |
|---|---|---|---|
| Intranet | Any | http or https |
Allow Forced Next Hop (IP Address behind the GRE Tunnel. |
Here, the Forced Next Hop feature is configured for other web traffics, and hence other web traffics are routed to the cloud service using the GRE tunnel.
Note:
When the traffic that match the Access rule which has Forced Next Hop configured:
- Address specified in the Forced Next Hop is used in the route lookup instead of the destination address of the packet.
- Reply packets of the connection are allowed in antispoofing, like they come from the IP Address that is specified in the Forced Next Hop configuration.