Feature Request - Multiple zones with type VPN

Hi,

would it be possible to create multiple zones for the VPN type? For example, you could add certain IPSec connections to a certain VPN zone to separate different sections. This would simplify the management of our VPN connections.

  • Hello SteppenWolf,

    Unfortunately, the current design of zoning in the XG is a "Layer 1" definition wherein the "hardware" interface is defined as the zone. At this time, all VPNs terminate to a virtual hardware loopback interface like ipsec0, tun0 or ppp0. For what you desire, Sophos would have to set the XG to make a virtual interface for each IPSEC connection so that it could have individual zonal configurations, which is actually a nice idea, but I'm not sure it will make it into v18.

    The other option would be to make the zoning system interface- and logical-network-based, so you could define that IPs coming from a range are to be assigned a certain zone when they hit the XG.

    It may be something on the cards, but the current iterations do not look able to support it without a substantial change to the system.

    Emile
