This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vijay_Nagaraj
Contributor
‎2019-10-11 12:19 PM
Jump to solution

GRE Tunnel

Hi Experts,

I believe the the GRE tunnel cannot be terminated in the Check Point firewalls (Please confirm if by any way or in any version hardware or software or any model its supported). Also this GRE is proprietary of other vendor, is that a reason CP does not support or any other technical reasons there? Please let me know, any information is highly appreciable.

Thanks in advance.

Vijay 

0 Kudos
2 Solutions

Accepted Solutions
Gera_Dorfman
Employee Alumnus
Employee Alumnus
‎2019-10-15 03:26 PM
In response to PhoneBoy
Jump to solution

There is a Hotfix on top of R80.10 supporting GRE tunnels on Gaia
The plan is to support GRE in the main-train in the first major release in 2020.

View solution in original post

Gera_Dorfman
Employee Alumnus
Employee Alumnus
‎2020-08-10 10:17 AM
In response to Alex_Lewis
Jump to solution

GRE is in R81 which we plan to GA soon and we're looking for EA customers. 

View solution in original post

19 Replies
Nick_Doropoulos
Advisor
‎2019-10-11 12:31 PM
Jump to solution

Hello,

GRE tunnels are not supported on Gaia OS. Please see sk92845 for more information.

Thanks.

Vijay_Nagaraj
Contributor
‎2019-10-12 07:14 AM
In response to Nick_Doropoulos
Jump to solution

Thanks for your response..
0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-11 03:24 PM
Jump to solution

GRE is not supported on Gaia and, as far as I know, there are no plans to add such support.

GRE is hardly proprietary as it is a standard Linux kernel module.
It was possible in some older versions of Gaia to enable the necessary drivers and manually configure these interfaces using standard Linux commands.
However, none of the Gaia infrastructure recognizes GRE interfaces.
Vijay_Nagaraj
Contributor
‎2019-10-12 07:14 AM
In response to PhoneBoy
Jump to solution

Thanks for the response!!

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-10-15 04:28 AM
In response to PhoneBoy
Jump to solution

According to Wikipedia, Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco SystemsLinux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with Cisco equipment.

sk92845: Can users create a GRE tunnel on Gaia OS?

sk157893: Check Point recommendations for tunneling through IPsec instead of GRE

sk60793: Configuring Security Gateways to allow connection to PPTP server while using Hide-NAT (GRE ...

sk90060: GRE tunnel stops working inside a Site-to-Site VPN tunnel established with Check Point clus...

sk96071: Check Point 600/1100 Appliances drops GRE packets

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Gera_Dorfman
Employee Alumnus
Employee Alumnus
‎2019-10-15 03:26 PM
In response to PhoneBoy
Jump to solution

There is a Hotfix on top of R80.10 supporting GRE tunnels on Gaia
The plan is to support GRE in the main-train in the first major release in 2020.
Tom_Vandepoel
Participant
Participant
‎2019-11-19 06:57 AM
In response to Gera_Dorfman
Jump to solution

Hi Gera,

I just opened a support case with TAC to get more info on GRE support. This is the answer I received:

"I consulted with the developers and verified sk92845.
termination of GRE traffic is not supported on Check Point Gateway.

You may refer to the local office to request for Request for Enhancement.

Please let me know in case further information is needed."

Could you point me to up to date information on GRE support as it seems TAC doesn't have the right info...

Thanks,

Tom.

 

0 Kudos
Gera_Dorfman
Employee Alumnus
Employee Alumnus
‎2019-11-19 07:00 AM
In response to Tom_Vandepoel
Jump to solution

Hi Tom
The HF was developed as RFE for another customer, so that's the reason for TAC response.
Let's discuss it offline - can you please send me an email to gerad@checkpoint.com , and I will ask my team to see if and how we can help.
Thanks
Gera
0 Kudos
Alex_Lewis
Contributor
‎2020-08-10 10:14 AM
In response to Gera_Dorfman
Jump to solution

is there any update concerning GRE support on Gaia? Is the hotfix that was available for R80.10 also available for R80.30 and R80.40?

0 Kudos
Gera_Dorfman
Employee Alumnus
Employee Alumnus
‎2020-08-10 10:17 AM
In response to Alex_Lewis
Jump to solution

GRE is in R81 which we plan to GA soon and we're looking for EA customers. 

John_Le
Explorer
‎2020-10-07 08:18 PM
In response to Gera_Dorfman
Jump to solution

Hi Gera,

Would you be able to advise on whether GRE tunnel support for R81 will also include GRE support in a VS?

Kind regards,

John.

0 Kudos
IS4IT_CheckPoin
Explorer
‎2023-12-04 12:31 AM
In response to Gera_Dorfman
Jump to solution

hi Gera,

Is it possable to encypt the GRe tunnel. this could bd dome by making the tunnel endpoint intresting for encrpted traffic. thanks!

 

 

0 Kudos
Sanjay_S
Advisor
‎2021-11-12 04:52 AM
In response to Gera_Dorfman
Jump to solution

Hi Gera,

We are on R81, if this supports GRE can i get the implementaion guide for the same please?

Regards,

Sanjay S

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-12 10:15 AM
In response to Sanjay_S
Jump to solution

Start with the product documentation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/GRE-Int...

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-08-10 12:28 PM
In response to Alex_Lewis
Jump to solution

That was a customer-specific hotfix that had some limitations associated with it, including support for future jumbo hotfixes.
Those generally don’t get ported to other releases but rather integrated as part of a maintrain release, such as R81.
Best to join the R81 Early Availability program.

0 Kudos
Sanjay_S
Advisor
‎2021-11-22 02:32 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

If it possible to create the GRE tunnel over IPSec as we do in the Cisco routers?

Regards,

Sanjay S

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-29 12:44 PM
In response to Sanjay_S
Jump to solution

I don't believe that's supported, no. 
Am curious why you'd tunnel GRE in IPSec, though.

0 Kudos
Tom_Vandepoel
Participant
Participant
‎2021-11-29 11:09 PM
In response to PhoneBoy
Jump to solution

Why? For exactly the reason that Sanjay mentioned. The old-school way of doing routed vpn on Cisco IOS devices uses IPSEC in GRE. Nowadays, it's not actually necessary anymore to do routed vpn this way on cisco (you have now Virtual Tunnel Interfaces).

Some companies still use that old "technology" though and we have one customer that needs to setup such a tunnel with another company that (for whatever reason) insists on using IPSEC in GRE... so indeed this feature would be appreciated 😉

Thanks,

Tom

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events