Creating or modifying a GRE interface

The GRE protocol allows encapsulating IP traffic in a point-to-point IP tunnel. This allows, for example, routing networks from one site to another through a GRE tunnel without having to declare this routing method on all routers in between.

GRE tunnels are not encrypted natively: they merely encapsulate. GRE traffic can however be made to go through an IPsec tunnel.

To create or modify a virtual GRE interface, click on the GRE interfaces tab.

Button bar

Search Search that covers interfaces.
Add Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address, Network mask, Tunnel source and Tunnel destination have been entered.
Delete Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces.
Check usage Represented by the icon , this button indicates whether the selected interface is being used elsewhere in the configuration.
ApplySends the configuration of the IPsec interfaces.
CancelCancels the configuration of the IPsec interfaces.

Interactive features

Some operations listed in the taskbar can be performed by right-clicking on the table of GRE interfaces:

  • Add,
  • Delete,
  • Check usage.

Presentation of the table

The table sets out seven fields of information:

StatusStatus of the interfaces:
  • Enabled: Double-click to enable the created interface.
  • Disabled: The interface is not in operation. The line will be grayed out in order to reflect this.
Name(mandatory)Give the GRE interface a name.
IPv4 address (mandatory),Enter the IP address assigned to the virtual interface created.
IPv4 mask (mandatory),The default value suggested is Since virtual GRE interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized.
Tunnel source (mandatory)Select the outgoing interface of traffic using the tunnel. In general, this would be the firewall’s “out” interface or a bridge.
Tunnel destination (mandatory)Select the object representing the tunnel’s remote endpoint. This is a host object that presents the public IP address of the remote firewall.
Comments(optional)Any text.