Creating and activating a GRETAP interface

On each firewall that is part of the GRETAP tunnel, in Configuration > Network > Interfaces:

  1. Click on Add.
  2. Select GRETAP interface.
    The configuration window of the interface appears.
  3. Go to the General configuration tab.
  4. In the Status section, put the cursor on ON.
  5. In General settingsName field, name the GRETAP interface (GretapVLAN in the example).
  6. In General settings This interface is field, select External (public).
  7. In GRETAP tunnel addresses > Tunnel source field: select the physical interface that GRE traffic will pass through on its way out of the firewall. In the example shown, this will be the Firewall_out interface.
  8. In GRETAP tunnel addresses > Tunnel destination field: select (or create) an object with the public IP address of the remote firewall (Remote_FW in the example).
  9. In Address range > Address range field, select Dynamic / Static.

Not attaching the GRETAP interface to a bridge makes it possible to allow only network packets through the GRE tunnel from VLANs attached to this interface (VLAN10 and 20 in the example).

  1. In Address range > IPv4 address field, select Fixed IP (static).
  2. Click on Add, and enter the IP address and network mask of the GRETAP interface.
    In this example, the IP address and network selected have the values ( on the remote firewall) and respectively:
  1. Click on Apply, then Save to confirm the creation of the GRETAP interface.