Whether source address (interface) and destination address (interface) are mandatory when a GRE tunnel is configured on the USG6000


The source address (interface) and destination address (interface) are mandatory when a GRE tunnel is configured.

Other related questions:
Types of interfaces on both ends of the GRE tunnel for the USG6000
Interfaces on both ends of the GRE tunnel are tunnel interfaces, used to encapsulate and decapsulate packets. The physical interface used to transmit encapsulated packets is known as the tunnel source interface, and the peer interface used to receive the packets is known as the tunnel destination interface.

GRE tunnel configuration on the USG6000
The USG6000 GRE scenarios are as follows:
1. Static route-based GRE tunnel: The NGFW adopts the dynamic routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel.
2. OSPF-based GRE tunnel: The NGFW adopts the OSPF routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel.
For specific scenarios and configuration cases, see Configuring a Static Route-based GRE Tunnel.

What is the function of the tunnel interface (GRE interface)
The tunnel interface (GRE interface) encapsulates and decapsulates data packets using GRE. The tunnel interface that sends encapsulated packets is called the tunnel source interface, and the one that receives these packets on the peer end is called the tunnel destination interface. Generally, the local WAN interface is used as the tunnel source interface, and the peer WAN interface is used as the tunnel destination interface.

Whether the interface address of the firewall can be an address in the address pool when the NAT policy is configured
When the NAT No-PAT and triplet NAT policies are configured, do not configure the interface address of the firewall as an address in the NAT address pool, so that access to the firewall itself is not affected.

Whether the source address specified in the security policy is the translated address when the source NAT policy is configured
The source address specified in the security policy is the address before NAT when the source NAT policy is configured. When the firewall translates an address in a packet, it searches for the interzone security policy. The firewall translates only the address that passes the security policy check and matches the conditions defined in the interzone policy. Therefore, the source address specified in the interzone security policy is the address before NAT, that is, the private IP address.
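
An added example (not from the original page or from Huawei): a small Python model of the order described above, in which the security policy is matched against the pre-NAT source address before source NAT is applied, together with an audit check that flags policies written against the NAT pool. The policy names, addresses and pool are constructed, and the model ignores zones, ports and destination matching.

```python
import ipaddress

# Constructed sample data: hypothetical policy names and documentation addresses.
NAT_POOL = [ipaddress.ip_network("203.0.113.8/29")]
POLICIES = [
    {"name": "trust_to_untrust", "source": "10.1.1.0/24", "action": "permit"},
    {"name": "written_post_nat", "source": "203.0.113.8/29", "action": "permit"},
]


def match_policy(src_ip, policies):
    """Return the first policy whose source range contains src_ip, else None."""
    addr = ipaddress.ip_address(src_ip)
    for policy in policies:
        if addr in ipaddress.ip_network(policy["source"]):
            return policy
    return None  # no match: treated as implicit deny in this model


def forward(src_ip, policies, pool):
    """Model the order from the text: policy check on the private source
    address first, source NAT only for packets that passed the check."""
    policy = match_policy(src_ip, policies)
    if policy is None or policy["action"] != "permit":
        return ("drop", None)
    translated = next(iter(pool[0].hosts()))  # simplification: first pool address
    return ("forward", str(translated))


def audit(policies, pool):
    """Flag policies whose source overlaps the NAT pool. Such a rule is
    written against the translated address and never sees a matching packet,
    because the lookup happens before translation."""
    flagged = []
    for policy in policies:
        source = ipaddress.ip_network(policy["source"])
        if any(source.overlaps(net) for net in pool):
            flagged.append(policy["name"])
    return flagged


if __name__ == "__main__":
    print(forward("10.1.1.20", POLICIES, NAT_POOL))
    print(forward("10.1.1.20", [POLICIES[1]], NAT_POOL))
    print(audit(POLICIES, NAT_POOL))
```

A rule set that contains only the post-NAT rule drops the intranet host's traffic, which is the misconfiguration the audit function is meant to catch.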
