Feature Request: Overlapping Tunnel priorities
With locally managed devices, I can specify a remote phase 2 tunnel address that contains the local network of the firebox. For example 10.10.0.0/16 is part of 10.0.0.0/8. This is useful to route traffic without having to enter individual routes.
I am unable to do this with Cloud managed devices.
For example,
Site A - Corporate - All sites connect here via VPN or Metro Ethernet
Site B - Remote B - Has several local networks in the 10.10.0.0/16 space
Site C - Remote C - Has several local networks in the 10.20.0.0/16 space
We do not need to have hub and spoke for our needs (can be over 100 sites) so it is easier to route everything through corporate and simply use a single entry on the remote sites such as Local = 10.10.0.0/16 Remote = 10.0.0.0/8.
With this, each site can reach every other site without me having to add over 100 phase 2 tunnels (or enough to cover them with different subnets).
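The selector arithmetic behind this request, as an added example that is not part of the original post and not WatchGuard code: it models phase 2 selectors as (local, remote) prefix pairs, confirms that the single "local = site /16, remote = 10.0.0.0/8" entry covers every site-to-site flow, counts how many specific entries the non-overlapping alternative needs, and shows what the same reachability costs if the local prefix is carved out of the /8 remote so nothing overlaps. The per-site /24 networks and the corporate prefix are constructed assumptions; only the /16 summaries and the /8 come from the post.

```python
"""Phase 2 traffic-selector coverage check (added example, constructed data)."""
from ipaddress import ip_network
from itertools import permutations

# Constructed topology mirroring the post. Corporate's own prefix is an assumption;
# the remote sites' /24s are assumed to sit inside the /16 summaries the post names.
SITES = {
    "A": ["10.0.0.0/16"],                    # corporate (assumed prefix)
    "B": ["10.10.1.0/24", "10.10.2.0/24"],   # remote B, inside 10.10.0.0/16
    "C": ["10.20.1.0/24", "10.20.2.0/24"],   # remote C, inside 10.20.0.0/16
}
SUMMARY = {"A": "10.0.0.0/16", "B": "10.10.0.0/16", "C": "10.20.0.0/16"}
SUPERNET = "10.0.0.0/8"


def classify_selector(local: str, remote: str) -> str:
    """How a selector's local and remote prefixes relate. Two CIDR prefixes that
    overlap always nest, so the result is one of three values."""
    l, r = ip_network(local), ip_network(remote)
    if not l.overlaps(r):
        return "disjoint"
    if l.subnet_of(r):
        return "local-within-remote"   # the case the post asks cloud management to allow
    return "remote-within-local"


def flow_covered(selectors, src_net: str, dst_net: str) -> bool:
    """True if some (local, remote) selector would carry src_net -> dst_net."""
    s, d = ip_network(src_net), ip_network(dst_net)
    return any(s.subnet_of(ip_network(l)) and d.subnet_of(ip_network(r))
               for l, r in selectors)


def uncovered_flows(site_selectors):
    """Every (src_site, src_net, dst_site, dst_net) flow that no selector at the
    source site covers. Empty list means full inter-site reachability."""
    missing = []
    for src, dst in permutations(SITES, 2):
        for s_net in SITES[src]:
            for d_net in SITES[dst]:
                if not flow_covered(site_selectors[src], s_net, d_net):
                    missing.append((src, s_net, dst, d_net))
    return missing


def supernet_selectors():
    """One overlapping entry per site, as in the post: local = site summary, remote = /8."""
    return {site: [(SUMMARY[site], SUPERNET)] for site in SITES}


def specific_selectors():
    """Non-overlapping alternative: one entry per (local net, remote net) pair."""
    return {
        site: [(l, r) for l in SITES[site]
               for other in SITES if other != site
               for r in SITES[other]]
        for site in SITES
    }


def carve_out_local(local: str, remote: str):
    """Remote prefixes equivalent to `remote` minus `local`, so the selector no
    longer contains the site's own network. A /16 carved from a /8 yields 8 prefixes."""
    l, r = ip_network(local), ip_network(remote)
    if not l.subnet_of(r):
        return [r]
    return sorted(r.address_exclude(l))


if __name__ == "__main__":
    print(classify_selector("10.10.0.0/16", SUPERNET))
    for name, sel in (("supernet", supernet_selectors()), ("specific", specific_selectors())):
        total = sum(len(v) for v in sel.values())
        print(f"{name}: {total} phase 2 entries, uncovered flows: {uncovered_flows(sel)}")
    for net in carve_out_local("10.10.0.0/16", SUPERNET):
        print("site B non-overlapping remote:", net)
```

The carve-out is the practitioner's fallback when a manager refuses a remote selector that contains the local network: the same reachability is expressible without overlap, but each site then needs one entry per carved prefix rather than one, which is exactly the tunnel-count pressure the post describes.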
Comments
Also, to have at least 100 tunnels for full inter-site connectivity using specific tunnel setups, the smaller firewall models can't be used.
T80 - 60 tunnels max
M270 - 50
M290 - 75
M370 - 100
M390 - 250
And I recognize I may accomplish this with dynamic routing... but we're not there yet.
Makes my needs even more relevant. We use 470s in the corp office.
It works perfectly when both sides are locally managed, but not when cloud managed.