Netskope Help

Netskope GRE with Palo Alto Networks NGFW

Generic Routing Encapsulation (GRE) is a tunneling protocol for encapsulating packets inside a transport protocol. GRE is a direct point-to-point connection across a network, but without encryption. It transports packets from one endpoint to another endpoint. Netskope supports using GRE with Palo Alto Networks Next-Generation Firewall (NGFW).

GRE is ideal for steering HTTP and HTTPS traffic to the Netskope cloud. The Netskope GRE gateway validates the source IP address of the tunnel configured in the Netskope UI.

Always create at least two GRE tunnels for each egress location in your network. Having multiple GRE tunnels ensures that connectivity is maintained in the event of an outage on the primary tunnel. The second GRE tunnel takes over until the first GRE tunnel gets restored. The second tunnel should be connected to a different Netskope data center than the first tunnel.

Workflow

Integrating Netskope GRE with Palo Alto Networks NGFW includes these steps:

  1. Netskope GRE configuration.

  2. Palo Alto Networks NGFW configuration.

  3. Verify the GRE connection.