diff --git a/docs/calico.md b/docs/calico.md
index 53c9af039155de36e9cc13a4a8c93d80cedfc6b4..81bf4c5b4935f828ca2220d9d4f7d14bdf008be2 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -71,3 +71,8 @@ you'll need to edit the inventory and add a and a hostvar `local_as` by node.
 ```
 node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
 ```
+
+Cloud providers configuration
+=============================
+
+Please refer to the official documentation, for example [GCE configuration](http://docs.projectcalico.org/v1.5/getting-started/docker/installation/gce) requires a security rule for calico ip-ip tunnels. Note, calico is always configured with ``ipip: true`` if the cloud provider was defined.
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 9c7d34c27e7031d3c51cf27ced87199d097a674f..901544ac21a07a2a25f3694329a9f062724b52fa 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -71,7 +71,7 @@
 
 - name: Fix ipv4 forward rule in GCE security policy
   lineinfile:
-    dest: /etc/sysctl.d/11-gce-network-security.conf
+    dest: /etc/sysctl.d/99-sysctl.conf
     regexp: '^net.ipv4.ip_forward='
     line: 'net.ipv4.ip_forward=1'
     state: present