VLAN trunks and external interfaces - why untagged not accepted
I know the documentation (and certification exam!) mentions specifically that you can't assign a VLAN interface of type external as the untagged/native VLAN on a VLAN trunk port (instead you convert that port to a regular external interface), but I'm more curious as to whether this is a technical or historic reason for doing so?
The reason is that I am creating some configuration templates for some Fireboxes to be deployed at multiple sites, but in some of the sites the MPLS WAN interface requires a VLAN tag and some do not, and we don't have the choice of which one to use due to differing physical setups (i.e. the provider chooses based on numerous factors on their side).
Since our setup treats these as "external" (primarily to use with Multi-WAN which requires interfaces to be defined as external), it means having to keep two sets of templates - one where the VLAN tag is required, and one where it is native.
(The other external interface in my configuration is a straight Internet link, which a BOVPN tunnel will run over as a backup).
This might be more in the realm of a feature request (i.e. to allow this setup), but not having worked with WatchGuard devices for that long, relatively speaking, I'm just wondering why this is the case.