Why does the GRE tunnel not come up in Azure Cloud
22054
Created On 10/23/19 02:46 AM - Last Modified 02/05/25 01:44 AM
Question
Why does the GRE (Generic Routing Encapsulation) tunnel not come up in Azure Cloud?
Environment
- Palo Alto Firewalls.
- PAN-OS 9.0.
- GRE tunnel configuration to a device in or through Azure cloud.
Answer
Azure Cloud does not support GRE Tunnel. Any firewall configured to terminate GRE tunnel at a device on Azure cloud will not come up
Similarly, any firewall configured to terminate the GRE tunnel to a device connected through the Azure cloud will not come up.
Additional Information
- Termination of the GRE tunnel on Palo Alto is supported in PAN-OS 9.0 onwards.
What protocols can I use within VNets?
You can use TCP, UDP, and ICMP TCP/IP protocols within VNets. Unicast is supported within VNets, with the exception of Dynamic Host Configuration Protocol (DHCP) via Unicast (source port UDP/68 / destination port UDP/67). Multicast, broadcast, IP-in-IP encapsulated packets, and Generic Routing Encapsulation (GRE) packets are blocked within VNets.
You can use TCP, UDP, and ICMP TCP/IP protocols within VNets. Unicast is supported within VNets, with the exception of Dynamic Host Configuration Protocol (DHCP) via Unicast (source port UDP/68 / destination port UDP/67). Multicast, broadcast, IP-in-IP encapsulated packets, and Generic Routing Encapsulation (GRE) packets are blocked within VNets.