See why interactions between people, data, and technology will drive cyber risk to all time highs in 2019.

Our Blog

Announcing general availability of GRE tunneling

Share

Wednesday, Nov 28, 2018

In a previous blog post we discussed the variety of deployment options available for customers to secure their environment using Forcepoint Web Security Cloud. Just this month Forcepoint released another option: GRE connectivity to worldwide general availability.

Now, Forcepoint offers two different tunneling mechanisms (GRE and IPSec) to provide customers with a choice on how to transparently redirect web traffic to the Forcepoint Cloud.

Tunneling protects the office infrastructure without requiring endpoint software installation or any new hardware or virtual appliances. Instead, existing networking equipment at the customer’s edge, such as a router or a firewall, is configured to wrap outbound traffic in either a GRE protocol or an IPSec tunnel to the Forcepoint Cloud where web-based threats are stopped.

Both GRE and IPSec have their pros and cons. The following table is a good comparison of the two options:

GRE

IPSec

  • Much easier to setup than IPSec
  • Excellent interoperability with routers
  • Firewalls such as Cisco ASA, Palo Alto and Check Point do not support GRE
  • Supports dynamic IP at the edge (the edge router at the site must have a static IP assigned to its public interface)
  • Supported by both routers and firewalls
  • More secure, as all communications within the IPSec tunnel are encrypted

While tunneling can be used for sending any type of web traffic to the Forcepoint cloud, we see customers choosing GRE and IPSec for the following use cases in particular:

  • Remote office connectivity, where ease of setup is important
  • Guest WiFi and unmanaged devices, where endpoint installation is not an option
  • Policy and reporting based on internal IP addresses, as the tunneling permits the customer’s private IP address space to be seen by the Forcepoint Cloud proxy

Ultimately each security professional must make the choice that best fits their organization’s unique needs. The good news is that Forcepoint has added to its large list of available options to support those needs.

For more information on Forcepoint Web Security product, we invite you to view our brochure.

About the Author

Darryl Strucko

Darryl Strucko is a product manager at Forcepoint with a focus on Secure Web Cloud Infrastructure.   He has 20 years of experience in software, networking and information security.  Darryl holds Master’s and Bachelor’s degrees in Electrical Engineering from Johns Hopkins University and Virginia...