We have a multi-nation setup in Europe. The data center is in Zurich. All other locations only need a tunnel and a breakout ISP. All locations have <20 employees.
Basically, we could simply use a single XG Firewall and 8 x "RED 50". Unfortunately, the RED 50 in full tunnel mode will use the main office internet connection and - what is worse - the public IP. People from Austria will find the pizzeria in Zurich; people from France will not be able to access French stores (IP geo-block). This is not an option.
If we split the tunnel, the breakout route to the internet is unprotected and would need another "Firewall" and content filter setup.
As of now, we are stuck at a setup with an XG300+ at the datacenter and 8 x XG135 for the remote locations. This is a lot of XG and a lot of money for a simple IPsec tunnel with some protection.
Any other suggestions on how to resolve the situation of a different ISP in each country, of people wanting to eat a pizza in their country while having access to the datacenter and still be protected by a firewall/web filter to prevent the usual phishing and distraction?