
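# Interface definitions: the WAN uplink, the LAN port, the IPsec tunnel
# interface "HPE" and the GRE tunnel interface "FGT_to_VSR1000".
# Both tunnel interfaces are bound to wan1.
config system interface

edit "wan1"
set vdom "root"
set ip 64.26.130.77 255.255.255.248
# NOTE(review): https, ssh and snmp are enabled on the WAN-role interface.
# Limit who can reach them (per-administrator trusted hosts or a local-in
# policy) and drop snmp here unless the poller really sits on the WAN side.
set allowaccess ping https ssh snmp
set type physical
set role wan

next

edit "internal1"
set vdom "root"
set ip 172.16.69.1 255.255.255.0
set allowaccess ping ssh
set type physical
set role lan

next

edit "HPE"
set vdom "root"
set type tunnel
set comment "s2s_HPE-ipsec vpn"
set interface "wan1"
next

edit "FGT_to_VSR1000"
set vdom "root"
set ip 192.168.254.1 255.255.255.255
# http and telnet were removed from this list: both carry administrator
# credentials in cleartext, and GRE itself adds no encryption. https and ssh
# remain, so the unit can still be managed from the far end of the tunnel.
set allowaccess ping https ssh
set type tunnel
set remote-ip 192.168.254.2
set comment "GRE TUNNEL Adresses"
set interface "wan1"
next
end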

===================================================== IPSEC VPN


=========================

# IKE phase 1 for the site-to-site tunnel "HPE" towards 72.142.132.18, bound to wan1.
# IKE version, DH group and mode are not set here, so device defaults apply;
# check them against the peer and against current crypto policy.
config vpn ipsec phase1-interface

edit "HPE"
set interface "wan1"
# NOTE(review): 3des-sha1 is offered next to the AES suites. 3DES and SHA-1 are
# legacy choices; if the peer supports it, offer only AES with SHA-256 or
# stronger. Both ends must share at least one proposal - confirm before changing.
set proposal aes128-sha1 aes256-sha1 3des-sha1
set remote-gw 72.142.132.18
# NOTE(review): the pre-shared key appears here in cleartext and is short.
# Treat it as a sample value only; a deployed tunnel needs a long random PSK
# kept out of shared documents, or certificate authentication instead.
set psksecret phase1test@217
next
end

# IPsec phase 2 selectors for phase 1 "HPE": the local LAN 172.16.69.0/24
# towards 192.168.25.0/24 and towards 192.168.30.0/24.
config vpn ipsec phase2-interface


edit "HPE"
set phase1name "HPE"
# NOTE(review): same legacy 3des-sha1 offer as in phase 1; see the peer's
# supported suites before narrowing the list.
set proposal aes128-sha1 aes256-sha1 3des-sha1
# NOTE(review): PFS is off, so no fresh Diffie-Hellman exchange is done per
# phase-2 rekey. Enable it if the peer supports it - TODO confirm.
set pfs disable
set keylifeseconds 3600
set src-subnet 172.16.69.0 255.255.255.0
set dst-subnet 192.168.25.0 255.255.255.0
next
edit "192.168.30.0-HPE"
set phase1name "HPE"
set proposal aes128-sha1 aes256-sha1 3des-sha1
# NOTE(review): PFS disabled here as well; keep both selectors consistent.
set pfs disable
set keylifeseconds 3600
set src-subnet 172.16.69.0 255.255.255.0
set dst-subnet 192.168.30.0 255.255.255.0
next
end

===============================================GRE VPN =============

Adding GRE tunnel :-

# GRE tunnel between this unit's public address (64.26.130.77) and 72.142.132.18,
# the same remote gateway the IPsec tunnel "HPE" uses.
# NOTE(review): GRE only encapsulates; it provides no confidentiality or
# integrity. The phase-2 selectors on this page cover the LAN subnets, not
# traffic between the two public addresses, so as written the GRE packets appear
# to cross wan1 unprotected - verify, and carry GRE inside IPsec if the payload
# needs protection.
config system gre-tunnel


edit "FGT_to_VSR1000"
set interface "wan1"
set remote-gw 72.142.132.18
set local-gw 64.26.130.77
next
end

======================================POLICY CONFIG ========================

# Firewall policies 9-12: traffic between the GRE tunnel, the LAN port and the
# IPsec tunnel. The address objects "192.168.30.0/24" and "172.16.69.0/24" are
# referenced by name and are not defined on this page.
# NOTE(review): the "// ..." text after each "edit N" is the author's
# annotation and is probably not accepted by the CLI - strip it before pasting.
# NOTE(review): every policy allows service "ALL"; narrow this to the services
# the sites actually need. Only policy 11 sets logtraffic, so the other three
# do not explicitly request traffic logging.
config firewall policy

edit 9 // GRE tunnel to INTERNAL LAN

set srcintf "FGT_to_VSR1000"


set dstintf "internal1"
set srcaddr "192.168.30.0/24"
set dstaddr "172.16.69.0/24"
set action accept
set schedule "always"
set service "ALL"
next
edit 10 // INTERNAL LAN to GRE tunnel

set srcintf "internal1"


set dstintf "FGT_to_VSR1000"
set srcaddr "172.16.69.0/24"
set dstaddr "192.168.30.0/24"
set action accept
set schedule "always"
set service "ALL"
next
edit 11 // GRE TUNNEL to IPSEC
# NOTE(review): the source address is the local LAN subnet (172.16.69.0/24,
# configured on internal1) while the source interface is the GRE tunnel.
# Confirm this is the intended direction; it looks swapped relative to policy 9.
set srcintf "FGT_to_VSR1000"
set dstintf "HPE"
set srcaddr "172.16.69.0/24"
set dstaddr "192.168.30.0/24"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
next
edit 12 // IPSEC to GRE tunnel
# NOTE(review): mirror of policy 11; the same question about address direction
# applies here - TODO confirm against the intended topology.

set srcintf "HPE"


set dstintf "FGT_to_VSR1000"
set srcaddr "192.168.30.0/24"
set dstaddr "172.16.69.0/24"
set action accept
set schedule "always"
set service "ALL"
next
end

=====================STATIC ROUTE ========================

# Static routes for the remote subnets. 192.168.25.0/24 is reachable only via
# the IPsec interface "HPE"; 192.168.30.0/24 has two routes with different
# administrative distances.
config router static


edit 3
set dst 192.168.25.0 255.255.255.0
set device "HPE"
set comment "s2s_HPE-ipsec vpn"
next
edit 4
set dst 192.168.30.0 255.255.255.0
# Distance 15 is higher than the GRE route's 8, so this IPsec route is the
# less-preferred path for 192.168.30.0/24.
set distance 15
set device "HPE"
set comment "s2s_HPE-ipsec vpn"

next
edit 5
set dst 192.168.30.0 255.255.255.0
# NOTE(review): distance 8 makes the GRE tunnel the preferred path. GRE is not
# encrypted, so traffic to 192.168.30.0/24 uses the unprotected tunnel whenever
# this route is active. Confirm that is intended, or prefer the IPsec route.
set distance 8
set device "FGT_to_VSR1000"
set comment "GRE tunnel "
next
end

============================================================
