Creating a GRETAP interface

Tunnels that use GRETAP interfaces allow encapsulating Level 2 traffic (Ethernet). They can then be used to link sites sharing the same IP address range through a bridge or to transport non-IP protocols over a bridge.

GRETAP interfaces are configured via a wizard that allows you to create the interface easily.

Click on Add and Add a GRETAP interface. The following screen appears:

Global configuration


Enter a unique name for your GRETAP interface.


Color assigned to the GRETAP interface.

Interface configuration

Create a disabled GRETAP interface

If this option is selected, the GRETAP interface will be inactive and located outside the bridges defined on the firewall. This option allows preparing a GRETAP configuration before using it in a production environment.

Use an existing bridge

A drop-down list allows selecting the bridge to which the GRETAP interface will be attached.

Configuring the GRETAP tunnel

Tunnel source

Select the outgoing interface of traffic using the tunnel. In general, this would be the “out” interface of the bridge to which the GRETAP interface belongs.

Tunnel destination

Select the object representing the tunnel’s remote endpoint. This is a host object that presents the public IP address of the remote firewall.