Creating and activating a GRETAP interface

On each firewall that is part of the GRETAP tunnel, in Configuration > Network > Interfaces:

  1. Click on Add.
  2. Select GRETAP interface.
    The configuration window of the interface appears.
  3. Go to the General configuration tab.
  4. In the Status section, put the cursor on ON.
  5. In General settingsName field, name the GRETAP interface (GretapVLAN in the example).
  6. In General settings This interface is field, select External (public).
  7. In GRETAP tunnel addresses > Tunnel source field: select the physical interface that GRE traffic will pass through on its way out of the firewall to go through the IPSec tunnel.
    In the example shown, this will be the Firewall_out interface.
  8. In GRETAP tunnel addresses > Tunnel destination field: select (or create) an object with the public IP address of the remote firewall (Remote_FW in the example).
  9. In Address range > Address range field, select Address range inherited from the bridge.
  10. In Address range > Bridge field, select the bridge created earlier (new_bridge1 in the example).
    The interface is automatically placed in the bridge new_bridge1.
  11. Go to the Advanced properties tab.
  12. In Routing by interface, select Keep initial routing.
    A Keep VLAN IDs check box appears. Select it.
  13. Click on Apply, then Save to confirm the creation of the GRETAP interface.