Creating the GRETAP interface

On each firewall that is part of the GRETAP tunnel, in Configuration > Network > Interfaces:

  1. Click on Add.
  2. Select GRETAP interface.
    The configuration window of the interface appears.
  3. In General configuration > General settings:
  • Assign a Name to the GRETAP interface (gretap_FW in the example).
  • In the This interface is field, select Internal (protected).
  1. In the General configuration tab > GRETAP tunnel addresses:
  • Tunnel source: select the physical interface that GRE traffic will pass through on its way out of the firewall. In the example shown, this will be the Firewall_out interface.
  • Tunnel destination: select an object bearing the public IP address of the remote firewall (Remote_FW in the example).
  1. In General configuration > Address range:
  • Select Address range inherited from the bridge,
  • Next, select the Bridge to which the interface must be connected.
    This can be a bridge generated by the default configuration or a bridge created for this purpose.


  • Bridges cannot be created in the GRETAP interface creation wizard.
  • It is possible to not select any bridge for the GRETAP interface by forcing the status of the interface to OFF. The interface can then be enabled later by moving it to a bridge.

  1. Click on Apply to confirm the creation of the GRETAP interface.