Traffic must sometimes be exchanged over networks that are not controlled or with less protection of exchanged data. In such cases, there are higher risks of data leaks or tampering, and with more serious consequences. Data must therefore be exchanged between authenticated entities through channels that guarantee integrity and confidentiality. Encrypted IPsec VPN tunnels meet such needs. This section describes the configuration policy to apply to SNS firewalls used as encrypting gateways.