Feature Request - Multiple zones with type VPN

Hello SteppenWolf,

Unfortunately, the current design of zoning in the XG is a "Layer 1" definition wherein the "hardware" interface is defined as the zone. At this time, all VPNs terminate to a virtual hardware loopback interface like ipsec0, tun0 or ppp0. For what you desire, Sophos would have to set the XG to make a virtual interface for each IPSEC connection so that it could have individual zonal configurations. Which is actually a nice idea but not sure it will make it into v18.

The other option would be to make the zoning system interface and logical network based so you could define IPs coming from a range are to be assigned a certain zone when they hit the XG.

It may be something on the cards but the current iterations do not look to be able to support without a substantial change to the system.

Emile

Hello SteppenWolf,

Unfortunately, the current design of zoning in the XG is a "Layer 1" definition wherein the "hardware" interface is defined as the zone. At this time, all VPNs terminate to a virtual hardware loopback interface like ipsec0, tun0 or ppp0. For what you desire, Sophos would have to set the XG to make a virtual interface for each IPSEC connection so that it could have individual zonal configurations. Which is actually a nice idea but not sure it will make it into v18.

The other option would be to make the zoning system interface and logical network based so you could define IPs coming from a range are to be assigned a certain zone when they hit the XG.

It may be something on the cards but the current iterations do not look to be able to support without a substantial change to the system.

Emile

Yes, also an interesting approach. It would be nice if something like that came in that direction. Then the zone system of the XG would be as good as perfect. I hope it will come.