Creating a GRE Site
Creating a GRE Site
Note
This feature is currently in Controlled GA. Contact your Sales Representative or Support to enable it. If you’re using the previous GRE page, see GRE.
To create an GRE site:
- Go to Settings > Security Cloud Platform > GRE.
- Click Create New and then New GRE Site.
- In the New GRE Site window, for Site Name, enter a name for the GRE site.
- In the Basic Settings tab:
- Source IP Address: Enter the source peer IP address (i.e., exit public IP) of the router or firewall that Netskope will receive packets from. Netskope identifies traffic belonging to your organization through your router or firewall IP addresses.
- Primary Netskope POP: Select the closest primary Netskope point of presence (POP). For optimal performance, Netskope recommends using the geographically closest POPs and configuring at least two POPs for each egress location in your network.
- Sort Netskope POPs by geographical distance: Select to sort the Netskope POP list by the closest geographical distance. You can search for the nearest POP by entering an IP address or longitude and latitude coordinates.
- Additional Netskope POP: Select the second closest Netskope POP to use as the backup/failover site. You can select a maximum of 9 more POPs. For optimal performance, Netskope recommends using the geographically closest POPs and configuring at least two POPs for each egress location in your network.
- (Optional) In the Advanced Settings tab:
- Traffic Type: Choose the type of traffic traversing the GRE site.
- User
- IoT
- Mixed
- Machine
- Guest Wifi
- Vendor: Choose the vendor of the third-party router or firewall that’s associated with the GRE site. If you are using VMware SASE for your GRE tunnel, choose VeloCloud; otherwise, choose Default.
- Trust X-Forwarded-For Header: Select to trust IP addresses contained in the X-Forwarded-For (XFF) HTTP header at the tunnel level. If you trust XFF at the tenant level, you can’t select this option.
- Apply to all traffic: Use the XFF HTTP header to identify all user traffic going through the GRE tunnel.
- Apply to specific NAT/proxy IP(s): Use the XFF HTTP header to identify traffic from specific NAT and proxy IP addresses going through the GRE tunnel. Click +Add Another to add multiple IP addresses.
- Traffic Type: Choose the type of traffic traversing the GRE site.
- Click Save and Copy POPs Info to save the GRE site and copy the Netskope POP info to your clipboard. You need this information to establish the primary and backup GRE tunnels on your router/firewall.
