- By default, the Enable this tunnel check box is selected, which allows the GRE tunnel to be established as soon as you finish configuring it. Clear the check box if you want to enable the tunnel later.
- For Tunnel IP Address, type an address on an unused subnet. This virtual subnet should not be configured on the module or the host switch. The tunnel IP address on the other GRE gateway should be on this same unused subnet.
- For Firewall Zone Association, select a zone for the tunnel IP address. Later, you will configure firewall access policies for the tunnel traffic on this zone.
- For Local IP Address, type the IP address for the tunnel gateway on the Threat Management Services zl Module that the remote end of the tunnel can reach. If the module is behind a NAT device, this should be the public IP address.
- For Remote IP Address, type the public IP address of the tunnel's remote gateway.
- Under Tunnel Traffic Selector, type the network IP address and subnet mask of the destination subnet for this tunnel. Type 0.0.0.0 in the IP Address and Subnet Mask fields to permit all addresses.
- To add another destination subnet, click Add Traffic Selector and fill in the IP Address and Subnet Mask boxes.
- Click OK. The tunnel is now displayed in the VPN > GRE > GRE Tunnels window.
- Add firewall access policies to allow the tunnel traffic.
- Configure a static route to the remote destination, if necessary.
- You can see the GRE tunnel connections on the dashboard in the Firewall pane of the tunnel's destination endpoint. Look for connections in the zone with which you associated the tunnel IP address.
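
The address rules in the steps above can be checked before the values are typed into the GRE tunnel form. The following Python check is an added example, not part of the product documentation; the dictionary layout, the function names and all sample addresses are constructed for illustration, and "public" is approximated here as "not an RFC 1918 address".

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_gre_plan(plan):
    """Return a list of problems in a planned GRE tunnel (hypothetical dict layout)."""
    problems = []
    tunnel_net = ipaddress.ip_network(plan["tunnel_subnet"])
    # The tunnel IP addresses on both gateways must be on the same virtual subnet.
    for side in ("local", "remote"):
        addr = ipaddress.ip_address(plan[side + "_tunnel_ip"])
        if addr not in tunnel_net:
            problems.append(f"{side} tunnel IP {addr} is outside {tunnel_net}")
    # The virtual subnet must not be configured on the module or the host switch.
    for subnet in plan["configured_subnets"]:
        if tunnel_net.overlaps(ipaddress.ip_network(subnet)):
            problems.append(f"tunnel subnet {tunnel_net} overlaps configured {subnet}")
    # Behind NAT, Local IP Address must be the public one; Remote IP Address is public.
    if plan["behind_nat"] and is_rfc1918(ipaddress.ip_address(plan["local_ip"])):
        problems.append(f"local IP {plan['local_ip']} is private but the module is behind NAT")
    if is_rfc1918(ipaddress.ip_address(plan["remote_ip"])):
        problems.append(f"remote IP {plan['remote_ip']} is not public")
    # Traffic selectors: reject malformed address/mask pairs, flag the permit-all entry.
    for ip, mask in plan["traffic_selectors"]:
        try:
            selector = ipaddress.ip_network(f"{ip}/{mask}")
        except ValueError:
            problems.append(f"selector {ip}/{mask} is not a valid network address")
            continue
        if selector.prefixlen == 0:
            problems.append("selector 0.0.0.0/0.0.0.0 permits all addresses")
    return problems

# Constructed sample plans (private and documentation address ranges only).
GOOD_PLAN = {
    "tunnel_subnet": "10.255.0.0/30", "local_tunnel_ip": "10.255.0.1",
    "remote_tunnel_ip": "10.255.0.2", "configured_subnets": ["10.1.0.0/16", "192.168.10.0/24"],
    "behind_nat": True, "local_ip": "203.0.113.10", "remote_ip": "198.51.100.20",
    "traffic_selectors": [("10.2.0.0", "255.255.0.0")],
}
BAD_PLAN = dict(GOOD_PLAN, tunnel_subnet="10.1.5.0/30", local_tunnel_ip="10.1.5.1",
                remote_tunnel_ip="10.1.6.2", local_ip="192.168.10.5",
                traffic_selectors=[("10.2.0.1", "255.255.0.0"), ("0.0.0.0", "0.0.0.0")])

if __name__ == "__main__":
    print(check_gre_plan(GOOD_PLAN), check_gre_plan(BAD_PLAN), sep="\n")
```

The permit-all selector is reported rather than rejected, since the form accepts it; the firewall access policies on the tunnel's zone then become the only restriction on what crosses the tunnel.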