Using GRE keepalive to check the status of route-based VPN tunnels

You can optionally use GRE keepalive to check that route-based VPN tunnels of the GRE tunnel type are still functioning.

When GRE keepalive is enabled, the NGFW Engine sends keepalive packets at the specified interval. If no reply is received after the specified number of packets, the GRE tunnel is considered to be down.

You can enable and configure GRE keepalive in the properties of tunnel interfaces on NGFW Engines and in the properties of Route-Based VPN Tunnel elements. When you enable GRE keepalive for a tunnel interface on an NGFW Engine, GRE keepalive is used in all GRE route-based VPN tunnels where the tunnel interface is an endpoint. Enabling GRE keepalive for individual route-based VPN tunnels overrides the default settings defined for the tunnel interface on the NGFW Engine.

To use GRE keepalive, your environment must meet these requirements:

• The router to which the NGFW Engine is connected must support GRE keepalive.
• No Encryption must be selected for the Encryption option in the properties of the tunnel interface or Route-Based VPN Tunnel element.