Configure GRE Tunnels on Secure Web Gateway

To configure a GRE tunnel on Secure Web Gateway, you specify an external IP address to serve as your web traffic collection point. After you have saved this address, Secure Web Gateway allocates two GRE tunnels that connect it to your network. Two tunnels are allocated to ensure failover functions.

You can also specify and save more than one external IP address.

1. On the user interface for Secure Web Gateway, place your mouse pointer over the settings icon in the top right corner, then select Infrastructure > Web Gateway Setup from the drop-down menus.

2. On the setup main page, scroll down to Configure Locations and click New Location.

3. On the Configure Location page, type a name for the location in the Name field, for example, London.
   
   

4. If you want to add SAML authentication as method for authenticating users who send requests for web access, select a configuration from the list provided under Select SAML Configuration. Users are then authenticated according to the settings of this configuration.
   
   If you have configured SAML authentication as part of your web policy, select None here. Otherwise, SAML authentication will not use the settings you have configured for your web policy, but the settings of the configuration that you have selected here.
   
   To use advanced settings for SAML authentication, you need to configure them under your web policy. 

5. If you want to store log data about web traffic in a particular region, select this region from the list provided under Log Data Residency.

6. As mapping type for this location, select GRE Tunnel Mapping.
   
   

7. Optionally specify one or more reserved subnets. Secure Web Gateway will not use an IP address from within these subnets as the external IP address.
   
   Under Subnet, type the subnet range for each subnet you want to specify, for example, 100.64.0.0/4. You can also add a plain-text comment for each subnet. Use the + icon to add more subnets.
   
   
   
   Or click Add Subnet and select Import CSV from the drop-down menu to import the subnet range in a .csv file using the file manager on your system.

8. Specify one or more external IP addresses.
   
   Under External address, type the IP address you want to use, for example, 203.0.13.0. You can also add a plain-text comment for each external IP address. Use the + icon to add addresses.
   
   
   
   Or click Add Address and select Import CSV from the drop-down menu to import the external IP addess in a .csv file using the file manager on your system.

9. Click Save.

After you have saved these settings, Secure Web Gateway allocates two GRE tunnels as follows:

• Primary GRE tunnel — Connects your network to Secure Web Gateway on the Point of Presence (PoP) in the cloud that is usually best available.

• Secondary GRE tunnel — Connects your network to Secure Web Gateway on the Point of Presence (PoP) in the cloud that is second in availability when the first PoP happens to be not available.

You can view the settings for the tunnels on the user interface. For more information about routing web traffic to the best available Point of Presence, see Routing Web Traffic to PoPs.

Secure Web Gateway also provides IP addresses that you need to configure interfaces for the GRE tunnels on the network device or in the SD-WAN service that you are using, see Configuring GRE Tunnels on Your Network Device or in Your SD-WAN Service.