Hi Slawek, Good point, I should have calrified that the "other end" can be any vendor (that support IPSec and OSPF). I meant to imply this by talking about standards based protocols. I can understand that GRE could be desirable in some instances. Currently, we support IPSec and OSPF which will also be supported by the majority of VPN end points. I expect the work flow would be: Establish an IPSec tunnel between the Palo Alto Device and 'Other Vendor' Device Establish an OSPF neighbour relationship between devices Of course very high level, as you have the document to refer to. If you need any further information, please let us know Thanks James
... View more