Creating a GRE Site

Creating a GRE Site

To create an GRE site:

  1. Go to Settings > Security Cloud Platform > GRE.

  2. Click Create New and then New GRE Site.

  3. In the New GRE Site window, for Site Name, enter a name for the GRE site.

  4. In the Basic Settings tab:

    • Source IP Address: Enter the source peer IP address (i.e., exit public IP) of the router or firewall that Netskope will receive packets from. Netskope identifies traffic belonging to your organization through your router or firewall IP addresses.

    • Primary Netskope POP: Select the closest primary Netskope point of presence (POP) in your country. For optimal performance, Netskope recommends:

    • Failover Netskope POP: Select the second closest Netskope POP in your country to use as the backup/failover site. For optimal performance, see the previous recommendations.

    • Sort Netskope POPs by geographical distance: Select to sort the Netskope POP list by the closest geographical distance. You can search for the nearest POP by entering an IP address or longitude and latitude coordinates.

    • Maximum Bandwidth: Enter the maximum bandwidth for the GRE tunnel. The tunnel size can be up to 1 Gbps.

    The Basic Settings in the New GRE Site window.
  5. (Optional) In the Advanced Settings tab:

    • Traffic Type: Choose the type of traffic traversing the GRE site. You can use this option to classify your tunnel traffic and a build usage report.

      • User

      • IoT

      • Mixed

      • Machine

      • Guest Wifi

    • Additional Netskope POP: You can select a maximum of 9 more POPs; however additional POPs are best-effort. For licensed high-capacity tunnels, additional Netskope POPs are not supported. For optimal performance, Netskope recommends:

    • Vendor: Choose the vendor of the third-party router or firewall that’s associated with the GRE site. If you are using VMware SASE for your GRE tunnel, choose VeloCloud; otherwise, choose Default.

    • Trust X-Forwarded-For Header: Select to trust IP addresses contained in the X-Forwarded-For (XFF) HTTP header at the tunnel level. If you trust XFF at the tenant level, you can’t select this option.

      • Apply to all traffic: Use the XFF HTTP header to identify all user traffic going through the GRE tunnel.

      • Apply to specific NAT/proxy IP(s): Use the XFF HTTP header to identify traffic from specific NAT and proxy IP addresses going through the GRE tunnel. Click +Add Another to add multiple IP addresses.

    The Advanced Settings in the New GRE Site window.
  6. Click Save and Copy POPs Info to save the GRE site and copy the Netskope POP info to your clipboard. You need this information to establish the primary and backup GRE tunnels on your router/firewall.

Share this Doc

Creating a GRE Site

Or copy link

In this topic ...