Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vijay_Nagaraj
Contributor
Jump to solution

GRE Tunnel

Hi Experts,

I believe the the GRE tunnel cannot be terminated in the Check Point firewalls (Please confirm if by any way or in any version hardware or software or any model its supported). Also this GRE is proprietary of other vendor, is that a reason CP does not support or any other technical reasons there? Please let me know, any information is highly appreciable.

Thanks in advance.

Vijay 

0 Kudos
2 Solutions

Accepted Solutions
Gera_Dorfman
Employee
Employee
There is a Hotfix on top of R80.10 supporting GRE tunnels on Gaia
The plan is to support GRE in the main-train in the first major release in 2020.

View solution in original post

Gera_Dorfman
Employee
Employee

GRE is in R81 which we plan to GA soon and we're looking for EA customers. 

View solution in original post

19 Replies
Nick_Doropoulos
Advisor

Hello,

GRE tunnels are not supported on Gaia OS. Please see sk92845 for more information.

Thanks.

Vijay_Nagaraj
Contributor
Thanks for your response..
0 Kudos
PhoneBoy
Admin
Admin
GRE is not supported on Gaia and, as far as I know, there are no plans to add such support.

GRE is hardly proprietary as it is a standard Linux kernel module.
It was possible in some older versions of Gaia to enable the necessary drivers and manually configure these interfaces using standard Linux commands.
However, none of the Gaia infrastructure recognizes GRE interfaces.
Vijay_Nagaraj
Contributor

Thanks for the response!!

0 Kudos
Gera_Dorfman
Employee
Employee
There is a Hotfix on top of R80.10 supporting GRE tunnels on Gaia
The plan is to support GRE in the main-train in the first major release in 2020.
Tom_Vandepoel
Participant

Hi Gera,

I just opened a support case with TAC to get more info on GRE support. This is the answer I received:

"I consulted with the developers and verified sk92845.
termination of GRE traffic is not supported on Check Point Gateway.

You may refer to the local office to request for Request for Enhancement.

Please let me know in case further information is needed."

Could you point me to up to date information on GRE support as it seems TAC doesn't have the right info...

Thanks,

Tom.

 

0 Kudos
Gera_Dorfman
Employee
Employee
Hi Tom
The HF was developed as RFE for another customer, so that's the reason for TAC response.
Let's discuss it offline - can you please send me an email to gerad@checkpoint.com , and I will ask my team to see if and how we can help.
Thanks
Gera
0 Kudos
Alex_Lewis
Contributor

is there any update concerning GRE support on Gaia? Is the hotfix that was available for R80.10 also available for R80.30 and R80.40?

0 Kudos
Gera_Dorfman
Employee
Employee

GRE is in R81 which we plan to GA soon and we're looking for EA customers. 

John_Le
Explorer

Hi Gera,

Would you be able to advise on whether GRE tunnel support for R81 will also include GRE support in a VS?

Kind regards,

John.

0 Kudos
IS4IT_CheckPoin
Explorer

hi Gera,

Is it possable to encypt the GRe tunnel. this could bd dome by making the tunnel endpoint intresting for encrpted traffic. thanks!

 

 

0 Kudos
Sanjay_S
Advisor

Hi Gera,

We are on R81, if this supports GRE can i get the implementaion guide for the same please?

Regards,

Sanjay S

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
PhoneBoy
Admin
Admin

That was a customer-specific hotfix that had some limitations associated with it, including support for future jumbo hotfixes.
Those generally don’t get ported to other releases but rather integrated as part of a maintrain release, such as R81.
Best to join the R81 Early Availability program.

0 Kudos
Sanjay_S
Advisor

Hi PhoneBoy,

If it possible to create the GRE tunnel over IPSec as we do in the Cisco routers?

Regards,

Sanjay S

0 Kudos
PhoneBoy
Admin
Admin

I don't believe that's supported, no. 
Am curious why you'd tunnel GRE in IPSec, though.

0 Kudos
Tom_Vandepoel
Participant

Why? For exactly the reason that Sanjay mentioned. The old-school way of doing routed vpn on Cisco IOS devices uses IPSEC in GRE. Nowadays, it's not actually necessary anymore to do routed vpn this way on cisco (you have now Virtual Tunnel Interfaces).

Some companies still use that old "technology" though and we have one customer that needs to setup such a tunnel with another company that (for whatever reason) insists on using IPSEC in GRE... so indeed this feature would be appreciated 😉

Thanks,

Tom

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events