Introduction

Product concerned: SNS 2.3 and higher versions

Last update: June 2018

From firmware version 2.x onwards, Stormshield Network firewalls can encapsulate Level 2 traffic in GRE (Generic Routing Encapsulation) tunnels based on GRETAP interfaces. Since GRE tunnels are not encrypted natively, exchanges can be secured by making GRE traffic go through IPSec.

The use of GRE tunnels based on GRETAP interfaces makes it possible, for instance, to link sites with the same address range through a bridge. DHCP services can therefore be shared between both sites. This kind of tunnel also allows transporting VLANs identified and explicitly declared on the firewalls between two sites