IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Creating or modifying a GRE interface
The GRE protocol allows encapsulating IP traffic in a point-to-point IP tunnel. This allows, for example, routing networks from one site to another through a GRE tunnel without having to declare this routing method on all routers in between.
GRE tunnels are not encrypted natively: they merely encapsulate. GRE traffic can however be made to go through an IPsec tunnel.
To create or modify a virtual GRE interface, click on the GRE interfaces tab.
Button bar
| Search |
Search that covers interfaces. |
| Add |
Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address, Network mask, Tunnel source and Tunnel destination have been entered. |
| Delete |
Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces. |
| Check usage |
Represented by the icon |
, this button indicates whether the selected interface is being used elsewhere in the configuration.
|
Apply |
Sends the configuration of the IPsec interfaces. |
|
Cancel |
Cancels the configuration of the IPsec interfaces. |
Interactive features
Some operations listed in the taskbar can be performed by right-clicking on the table of GRE interfaces:
- Add,
- Delete,
- Check usage.
Presentation of the table
The table sets out seven fields of information:
| Status |
Status of the interfaces:
|
| Name(mandatory) |
Give the GRE interface a name. |
| IPv4 address (mandatory), |
Enter the IP address assigned to the virtual interface created. |
| IPv4 mask (mandatory), |
The default value suggested is 255.255.255.252. Since virtual GRE interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized. |
| Tunnel source (mandatory) |
Select the outgoing interface of traffic using the tunnel. In general, this would be the firewall’s “out” interface or a bridge. |
| Tunnel destination (mandatory) |
Select the object representing the tunnel’s remote endpoint. This is a host object that presents the public IP address of the remote firewall. |
| Comments(optional) |
Any text. |
Enabled: Double-click to enable the created interface. 
Disabled: The interface is not in operation. The line will be grayed out in order to reflect this.