Application scenarios of GRE features on the USG6000

3

GRE features are mainly applied in the following scenarios: GRE over IPSec, IPv6 over IPv4 tunnel, expanding the working scope of the network with restricted hops, and GRE VPN.

Other related questions:
Application scenarios for the USG6000 served as a DHCP server
When the USG6000 serves as a DHCP server, the typical application scenarios are as follows: ?The DHCP client and the DHCP server are in the same network segment: The firewall serves as the DHCP server that is connected to the DHCP client through the L2 switch (or hub). ?The DHCP client and the DHCP server are in different network segments: The DHCP server needs to cooperate with a DHCP relay to dynamically allocate IP addresses in different network segments.

Application scenarios of the USG6000 DNS transparent proxy
The DNS transparent proxy function of the firewall can change the destination addresses of certain DNS request packets to the DNS server addresses of other ISPs (such as the DNS server address of ISP2). DNS requests are forwarded to different ISPs, and therefore the web server addresses obtained through resolution belong to different ISPs, and Internet access traffic is forwarded through different ISP links. This helps prevent the issue that a link is congested, whereas other links are idle and ensures that all link resources are fully used.

Major application scenarios of SSL VPN on the USG6000 series
The major SSL VPN scenarios include SSL VPN access gateway for remote users and isolation of services of multiple virtual gateways.

GRE configuration on S series switch
Before configuring GRE, ensure that there is a reachable route between two ends of the tunnel. In this example, the source address is 10.1.1.1/24 and the destination address is 10.2.1.1/24 (the source and destination addresses on the remote end are mirrored). The local end's subnet is 192.168.1.0/24, and the remote subnet is 192.168.2.0.The configurations on S series switches, except S1700 are as follows: Local end: [HUAWEI1] interface tunnel 1 //Create a tunnel interface. [HUAWEI1-Tunnel1] tunnel-protocol gre //Configure the GRE tunnel. [HUAWEI1-Tunnel1] ip address 172.16.1.1 255.255.255.0 //Configure IP addresses for the GRE tunnel for routing. [HUAWEI1-Tunnel1] source 10.1.1.1 //Configure the source address for the GRE tunnel. [HUAWEI1-Tunnel1] destination 10.2.1.1 //Configure the destination address for the GRE tunnel. [HUAWEI1-Tunnel1] quit [HUAWEI1] ip route-static 192.168.2.0 255.255.255.0 tunnel 1 //Configure connection between connected subnets through the GRE tunnel. Remote device: [HUAWEI2] interface tunnel 1 //Create a tunnel interface. [HUAWEI2-Tunnel1] tunnel-protocol gre //Configure the GRE tunnel. [HUAWEI2-Tunnel1] ip address 172.16.1.1 255.255.255.0 //Configure IP addresses for the GRE tunnel for routing. [HUAWEI2-Tunnel1] source 10.2.1.1 //Configure the source address for the GRE tunnel. [HUAWEI2-Tunnel1] destination 10.1.1.1 //Configure the destination address for the GRE tunnel. [HUAWEI2-Tunnel1] quit [HUAWEI2] ip route-static 192.168.1.0 255.255.255.0 tunnel 1 //Configure connection between connected subnets through the GRE tunnel.

Application scenarios where the USG6000 serves as the DNS Client
The firewall serves as the DNS Client and uses DNS to dynamically obtain the IP address corresponding to the domain name for user communications. When the firewall executes the following services, it can serve as the DNS Client to send DNS request packets to the DNS Server. Perform the ping or tracert operation in domain name mode. Access the security center platform in domain name mode to update the signature database. Access the CA server in domain name mode to obtain the certificate online.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top