IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Creating or modifying an IPsec interface (VTI)
These interfaces make it possible to set up routed IPsec tunnels. The virtual IPsec interface acts as a traffic endpoint and all packets routed to this interface will then be encrypted. Such configurations may allow, for example, making QoS traffic pass through a dedicated IPsec tunnel: high-priority traffic will then take a specific tunnel while other traffic will go through a second tunnel.
To create or modify a virtual IPsec interface, click on the “IPsec interfaces (VTI)” tab.
Button bar
| Search |
Search that covers interfaces. |
| Add |
Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address and Network mask have been entered. |
| Delete |
Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces. |
| Check usage |
Represented by the icon |
, this button indicates whether the selected interface is being used elsewhere in the configuration.
|
Apply |
Sends the configuration of the IPsec interfaces. |
|
Cancel |
Cancels the configuration of the IPsec interfaces. |
Interactive features
Some operations listed in the taskbar can be performed by right-clicking on the table of virtual IPsec interfaces:
- Add,
- Delete,
- Check usage.
Presentation of the table
The table sets out five fields of information:
| Status |
Status of the interfaces:
|
|
Name (mandatory) |
Give the IPsec interface a name. NOTE Please refer to the section Allowed names to find out which characters are allowed and prohibited in various fields.
|
| IPv4 address (mandatory), |
Enter the IP address assigned to the virtual interface created. |
| IPv4 mask (mandatory), |
The default value suggested is 255.255.255.252. Since virtual IPsec interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized. |
| Protected |
Double-click on this cell to modify the interface type:
|
|
Comments (optional) |
Any text. |
Enabled: Double-click to enable the created interface. 
Disabled: The interface is not in operation. The line will be grayed out in order to reflect this.