Hej,
would it be possible to create multiple zones for the VPN type? For example, you could add certain IPSec connections to a certain VPN zone to separate different sections. This would simplify the management of our VPN connections.
Hej,
would it be possible to create multiple zones for the VPN type? For example, you could add certain IPSec connections to a certain VPN zone to separate different sections. This would simplify the management of our VPN connections.
Hello SteppenWolf,
Unfortunately, the current design of zoning in the XG is a "Layer 1" definition wherein the "hardware" interface is defined as the zone. At this time, all VPNs terminate to a virtual hardware loopback interface like ipsec0, tun0 or ppp0. For what you desire, Sophos would have to set the XG to make a virtual interface for each IPSEC connection so that it could have individual zonal configurations. Which is actually a nice idea but not sure it will make it into v18.
The other option would be to make the zoning system interface and logical network based so you could define IPs coming from a range are to be assigned a certain zone when they hit the XG.
It may be something on the cards but the current iterations do not look to be able to support without a substantial change to the system.
Emile
Yes, also an interesting approach. It would be nice if something like that came in that direction. Then the zone system of the XG would be as good as perfect. I hope it will come.
With best regards,
Steppenwolf
Hi Steppenwolf.
Thank you for the feedback. We value your input.
Your feature request will be added to our list for consideration in a future release.
Jan