IPSEC VPN with an interface that is not in the WAN zone

Hi IvanildoGalvão 

Thank you for reaching out to the Community! 

This feature is not available as of now to configure IPsec tunnels from the zones other than the WAN zone. It is a feature request. 

Please check out the following thread for more info: https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/115849/feature-request---add-non-wan-ports-to-listening-interface-in-ipsec

Thanks,

Hi, thanks for the reply.

I understand, here in my city there are some scenarios where this type of configuration is required, the main reason for this is the fact that companies contract point-to-point links from providers, so customers have no control over these links, so they are left with fear that attackers may intercept packets in traffic, hence the need for an IPSEC tunnel.

I am at this very moment deploying two XG 310 in HA for a client, the same one will then be without this VPN that until then worked on its previous firewall (SonicWall), I will inform you that at the moment the communication between the parent company and branch, it will only be via routing and firewall rules.

Greetings !

Hi, thanks for the reply.

I understand, here in my city there are some scenarios where this type of configuration is required, the main reason for this is the fact that companies contract point-to-point links from providers, so customers have no control over these links, so they are left with fear that attackers may intercept packets in traffic, hence the need for an IPSEC tunnel.

I am at this very moment deploying two XG 310 in HA for a client, the same one will then be without this VPN that until then worked on its previous firewall (SonicWall), I will inform you that at the moment the communication between the parent company and branch, it will only be via routing and firewall rules.

Greetings !