1. Home
    2. PAN-OS
    3. PAN-OS® New Features Guide
    4. Networking Features
    5. GRE Tunneling Support

    GRE Tunneling Support

    The firewall can terminate a GRE tunnel to connect two endpoints in a point-to-point, logical link.
    Palo Alto Networks next-generation firewalls can now terminate GRE tunnels; you can route or forward packets to a GRE tunnel. The GRE tunnel connects two endpoints in a point-to-point, logical link between the firewall and another device. GRE tunnels are simple to use and often the tunneling protocol of choice for point-to-point connectivity, especially to services in the cloud or to partner networks.
    Create a GRE tunnel when you want to direct packets that are destined for an IP address to take a certain point-to-point path, for example to a cloud-based proxy or to a partner network. The packets travel in the GRE tunnel to the cloud service while on their way to the destination address. Thus the cloud service can enforce its services or policies on the packets.
    The following figure is an example of a GRE tunnel connecting the firewall across the internet to a cloud service.
    gre_tunnel_deploy.png
      1. Select
        Network
        Interfaces
        Tunnel
        .
      2. Enter the tunnel
        Interface Name
         followed by a period and a number in the range 1 to 9,999; for example, tunnel.1.
      3. Assign the tunnel interface to a
        Security Zone
        .
      4. Assign an IP address to the tunnel interface.
    2. Create a GRE tunnel to have packets take a specific point-to-point path.
      1. Select
        Network
        GRE Tunnels
         and
        Add
         a tunnel.
      2. Select the
        Interface
         to use as the local GRE tunnel endpoint (source interface), which is an Ethernet interface or subinterface, AE, loopback, or VLAN interface.
      3. Select the
        Local IP Address
         of that interface.
      4. Enter the
        Peer Address
        , which is the IP address of the opposite endpoint of the GRE tunnel.
      5. Select the
        Tunnel Interface
         that you created in Step 1.
    3. (
      Best Practice
      ) Enable the Keep Alive function for the GRE tunnel. Optionally change the Keep Alive settings.
    4. Configure a routing protocol or static route to route packets to the GRE tunnel. For example, configure a static route to the destination server.
    5. Commit
       your changes.
    6. Configure the opposite end of the tunnel.
    7. Verify that the firewall can communicate with the tunnel peer over the GRE tunnel.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo