GRE Tunneling Support

The firewall can terminate a GRE tunnel to connect two endpoints in a point-to-point, logical link.
Palo Alto Networks next-generation firewalls can now terminate GRE tunnels; you can route or forward packets to a GRE tunnel. The GRE tunnel connects two endpoints in a point-to-point, logical link between the firewall and another device. GRE tunnels are simple to use and often the tunneling protocol of choice for point-to-point connectivity, especially to services in the cloud or to partner networks.
Create a GRE tunnel when you want to direct packets that are destined for an IP address to take a certain point-to-point path, for example to a cloud-based proxy or to a partner network. The packets travel in the GRE tunnel to the cloud service while on their way to the destination address. Thus the cloud service can enforce its services or policies on the packets.
The following figure is an example of a GRE tunnel connecting the firewall across the internet to a cloud service.
gre_tunnel_deploy.png
    1. Select
      Network
      Interfaces
      Tunnel
      .
    2. Enter the tunnel
      Interface Name
      followed by a period and a number in the range 1 to 9,999; for example, tunnel.1.
    3. Assign the tunnel interface to a
      Security Zone
      .
    4. Assign an IP address to the tunnel interface.
  1. Create a GRE tunnel to have packets take a specific point-to-point path.
    1. Select
      Network
      GRE Tunnels
      and
      Add
      a tunnel.
    2. Select the
      Interface
      to use as the local GRE tunnel endpoint (source interface), which is an Ethernet interface or subinterface, AE, loopback, or VLAN interface.
    3. Select the
      Local IP Address
      of that interface.
    4. Enter the
      Peer Address
      , which is the IP address of the opposite endpoint of the GRE tunnel.
    5. Select the
      Tunnel Interface
      that you created in Step 1.
  2. (
    Best Practice
    ) Enable the Keep Alive function for the GRE tunnel. Optionally change the Keep Alive settings.
  3. Configure a routing protocol or static route to route packets to the GRE tunnel. For example, configure a static route to the destination server.
  4. Commit
    your changes.
  5. Configure the opposite end of the tunnel.
  6. Verify that the firewall can communicate with the tunnel peer over the GRE tunnel.

Recommended For You