Creating and monitoring VPN tunnels

In SMC, you can create and manage site-to-site IPsec VPN topologies that connect private networks securely through a public network. VPN topologies can be configured based on policies or routes:

  • A policy-based VPN tunnel links firewall-protected networks or sub-networks to one another, and encrypts and encapsulates traffic between these networks, which are described in a policy. Such topologies are used in the standard operating mode. This feature is available on SN firewalls in version 3.0 or later.
  • A route-based VPN tunnel uses IPsec virtual tunnel interfaces (VTIs) to link firewalls. These interfaces are treated as the entry and exit points for traffic passing through the tunnel. This traffic is described by routes. This feature is available on SN firewalls in version 3.3 or later.

In both cases, either star or mesh topologies can be used.

SMC 2 Version does not support VPN topologies in IPv6. If a topology includes network objects in IPv6, they will be ignored during deployment. If a topology relies on network objects with a dual IPv4/IPv6 configuration, only the configuration in IPv4 will be applied and the IPv6 configuration ignored.

Refer to the following sections to create policy-based or route-based VPN topologies.