Creating or modifying a GRE interface
The GRE protocol allows encapsulating IP traffic in a point-to-point IP tunnel. This allows, for example, routing networks from one site to another through a GRE tunnel without having to declare this routing method on all routers in between.
GRE tunnels are not encrypted natively: they merely encapsulate. GRE traffic can however be made to go through an IPSec tunnel.
To create or modify a virtual GRE interface, click on the GRE interfaces tab.
|Search||Search that covers interfaces.|
|Add||Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address, Network mask, Tunnel source and Tunnel destination have been entered.|
|Delete||Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces.|
|Check usage||Represented by the icon , this button indicates whether the selected interface is being used elsewhere in the configuration.|
|Apply||Sends the configuration of the IPSec interfaces.|
|Cancel||Cancels the configuration of the IPSec interfaces.|
Some operations listed in the taskbar can be performed by right-clicking on the table of GRE interfaces:
- Check usage.
Presentation of the table
The table sets out seven fields of information:
|Status||Status of the interfaces: |
|Name(mandatory)||Give the GRE interface a name.|
|IPv4 address (mandatory),||Enter the IP address assigned to the virtual interface created.|
|IPv4 mask (mandatory),||The default value suggested is 255.255.255.252. Since virtual GRE interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized.|
|Tunnel source (mandatory)||Select the outgoing interface of traffic using the tunnel. In general, this would be the firewall’s “out” interface or a bridge.|
|Tunnel destination (mandatory)||Select the object representing the tunnel’s remote endpoint. This is a host object that presents the public IP address of the remote firewall.|