Creating or modifying a GRE interface
The GRE protocol allows encapsulating IP traffic in a point-to-point IP tunnel. This allows, for example, routing networks from one site to another through a GRE tunnel without having to declare this routing method on all routers in between.
GRE tunnels are not encrypted natively: they merely encapsulate. GRE traffic can however be made to go through an IPsec tunnel.
To create or modify a virtual GRE interface, click on the GRE interfaces tab.
Button bar
| Search | Search that covers interfaces. |
| Add | Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address, Network mask, Tunnel source and Tunnel destination have been entered. |
| Delete | Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces. |
| Check usage | Represented by the icon , this button indicates whether the selected interface is being used elsewhere in the configuration. |
| Apply | Sends the configuration of the IPsec interfaces. |
| Cancel | Cancels the configuration of the IPsec interfaces. |
Interactive features
Some operations listed in the taskbar can be performed by right-clicking on the table of GRE interfaces:
- Add,
- Delete,
- Check usage.
Presentation of the table
The table sets out seven fields of information:
| Status | Status of the interfaces:
|
| Name(mandatory) | Give the GRE interface a name. |
| IPv4 address (mandatory), | Enter the IP address assigned to the virtual interface created. |
| IPv4 mask (mandatory), | The default value suggested is 255.255.255.252. Since virtual GRE interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized. |
| Tunnel source (mandatory) | Select the outgoing interface of traffic using the tunnel. In general, this would be the firewall’s “out” interface or a bridge. |
| Tunnel destination (mandatory) | Select the object representing the tunnel’s remote endpoint. This is a host object that presents the public IP address of the remote firewall. |
| Comments(optional) | Any text. |
, this button indicates whether the selected interface is being used elsewhere in the configuration.
Enabled: Double-click to enable the created interface.
Disabled: The interface is not in operation. The line will be grayed out in order to reflect this.