1. Home
    2. PAN-OS
    3. PAN-OS® New Features Guide
    4. Networking Features
    5. GRE Tunneling Support

    GRE Tunneling Support

    The firewall can terminate a generic routing encapsulation (GRE) tunnel to connect two endpoints in a point-to-point, logical link.
    Palo Alto Networks next-generation firewalls can now terminate generic routing encapsulation (GRE) tunnels, which enables you to route or forward packets to a GRE tunnel. The GRE tunnel connects two endpoints in a point-to-point, logical link between the firewall and another device. GRE tunnels are simple to use and are often the tunneling protocol of choice for point-to-point connectivity, especially to services in the cloud or to partner networks.
    Create a GRE tunnel when you want to direct packets that are destined for an IP address to take a certain point-to-point path, such as to a cloud-based proxy or to a partner network. The packets travel in the GRE tunnel to the cloud service while on their way to the destination address, which enables the cloud service to enforce its services or policies on the packets.
    The following figure is an example of a GRE tunnel connecting the firewall across the internet to a cloud service.
    gre_tunnel_deploy.png
      1. Select
        Network
        Interfaces
        Tunnel
        .
      2. Enter the tunnel
        Interface Name
         followed by a period and a number (range is 1 to 9,999); for example,
        tunnel.1
        .
      3. Assign the tunnel interface to a
        Security Zone
        .
      4. Assign an IP address to the tunnel interface.
    2. Create a GRE tunnel to have packets take a specific point-to-point path.
      1. Select
        Network
        GRE Tunnels
         and
        Add
         a tunnel.
      2. Select the
        Interface
         to use as the local GRE tunnel endpoint (source interface), which is an Ethernet interface or subinterface or an Aggregated Ethernet (AE), loopback, or VLAN interface.
      3. Select the
        Local IP Address
         of that interface.
      4. Enter the
        Peer Address
        , which is the IP address of the opposite endpoint of the GRE tunnel.
      5. Select the
        Tunnel Interface
         that you created.
    3. (
      Best Practice
      ) Enable the
      Keep Alive
       function for the GRE tunnel. Optionally, modify the Keep Alive settings.
    4. Configure a routing protocol or static route to route packets to the GRE tunnel. For example, configure a static route to the destination server.
    5. Commit
       your changes.
    6. Configure the opposite end of the tunnel.
    7. Verify that the firewall can communicate with the tunnel peer over the GRE tunnel.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo