Generic Routing Encapsulation overview

Generic Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate and route data via a virtual point-to-point connection.

The GRE tunnel provides a simple method to encapsulate web traffic (port 80 and 443) and forward it to the Cloud SWG service from your sites (Corporate Office, Branch Office and so on).

By default, two Forcepoint data centers are provided for Cloud SWG. Forcepoint strongly recommends configuring your edge devices to fail over to second data center for geographic redundancy. Tunnels should be configured with automatic failover. Each data center has a tunnel monitoring address that can be used to monitor the status of the connection.

Note: Connection redundancy is a requirement for the Forcepoint ONE SSE SLA. Redundancy can be achieved by configuring connections to both data centers addresses provided and configuring your edge device to fail over in the event of network disruption.

This guide describes how to configure the Cisco ISR routers using the Forcepoint ONE SSE Cloud SWG GRE tunnel configurations. The GRE configuration below utilizes Cisco IOS XE commands and concepts.