Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configuring GRE Tunnels on a Network Device or Using an SD-WAN Service

  1. Last updated
  2. Save as PDF

When configuring GRE tunnels to route web traffic from your network to Secure Web Gateway, you complete a part of the configuration procedure on a device you are running within your network or using an SD-WAN service.
 

Configuration Parameters

For this configuration, you need to specify several IP addresses as parameters. They are related to your network and the Points of Presence (PoPs) where web traffic originating from your network is routed to through the GRE tunnels.

You also specify these parameters or see them displayed as allocated by Secure Web Gateway when you configure GRE tunnels on the user interface for Secure Web Gateway, see Configure GRE Tunnels on Secure Web Gateway.

When configuring GRE tunnels on a device within your network or using an SD-WAN service, it is these parameters that you need to specify. The following section lists and explains them again using a diagram. 

Configuration Diagram

The diagram below shows your corporate network and two Points of Presence (PoPs), where web traffic is routed to from your network through a primary or a secondary GRE tunnel.

For the parameters you need to specify when configuring these tunnels, signatures are used here, such as E1, G1, G2, and others. They are explained together with the configuration components further below.

clipboard_e6f946124c7e408e484a5bbc1a28a0cc3.png

The diagram shows the following configuration components and parameters.

  • Your corporate network — This is where the web traffic originates that is routed through GRE tunnels to our Points of Presence (PoPs). 

    For your network, you specify these parameters when configuring GRE tunnels on a device within your network or using an SD-WAN service: 

    • External IP address (E1)

    • Internal source IP address for the primary GRE tunnel (G1)

    • Internal source IP address for the secondary GRE tunnel (G2)

  • First Point of Presence (Skyhigh PoP 1) — This is the PoP with the instance of Secure Web Gateway that web traffic is routed to through the primary GRE tunnel. It is best available from your network. 

    For this PoP, you specify the following parameters when configuring GRE tunnels on a device within your network or using an SD-WAN service. 

    • IP address resolved from its domain name (E2)

    • Internal destination IP address for the primary GRE tunnel (G3)

  • Second Point of Presence (Skyhigh PoP 2) — This is the PoP with the instance of Secure Web Gateway that web traffic is routed to through the secondary GRE tunnel. It is second-best in availability.

    Web traffic is routed through the secondary GRE tunnel to this PoP when the PoP that is usually best-available happens to be inactive.

    For this PoP, you specify the following parameters when configuring GRE tunnels on a device within your network or using an SD-WAN service.

    • IP address resolved from its domain name (E3)

    • Internal destination IP address for the secondary GRE tunnel (G4)

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.