Creating the GRETAP interface
On each firewall that is part of the GRETAP tunnel, in Configuration > Network > Interfaces:
- Click on Add.
- Select GRETAP interface.
The configuration window of the interface appears.
- In General configuration > General settings:
- Assign a Name to the GRETAP interface (gretap_FW in the example).
- In the This interface is field, select Internal (protected).
- In the General configuration tab > GRETAP tunnel addresses:
- Tunnel source: select the physical interface that GRE traffic will pass through on its way out of the firewall. In the example shown, this will be the Firewall_out interface.
- Tunnel destination: select an object bearing the public IP address of the remote firewall (Remote_FW in the example).
- In General configuration > Address range:
- Select Address range inherited from the bridge,
- Next, select the Bridge to which the interface must be connected.
This can be a bridge generated by the default configuration or a bridge created for this purpose.
- Bridges cannot be created in the GRETAP interface creation wizard.
- It is possible to not select any bridge for the GRETAP interface by forcing the status of the interface to OFF. The interface can then be enabled later by moving it to a bridge.
- Click on Apply to confirm the creation of the GRETAP interface.