History for Site-to-Site VPN

| Feature | Minimum Management Center | Minimum Threat Defense | Details |
|---|---|---|---|
| IPsec flow offload | 7.4 | Any | IPsec flow offload is automatically enabled on the VTI loopback interface on Secure Firewall 3100 and Secure Firewall 4200 devices. |
| Umbrella SASE Topology | 7.3 | Any | You can configure an Umbrella SASE topology and deploy IPsec IKEv2 tunnels between a threat defense device and Umbrella. This tunnel forwards all internet-bound traffic to the Umbrella Secure Internet Gateway (SIG) for inspection and filtering. |
| Support for Dynamic Virtual Tunnel Interface | 7.3 | Any | You can create a dynamic VTI and use it to configure a route-based site-to-site VPN in a hub and spoke topology. |
| EIGRP IPv4 support for VTI | 7.3 | Any | Static and dynamic VTI interfaces support EIGRP IPv4 routing protocol. |
| OSPFv2/v3 IPv4/v6 support for VTI | 7.3 | Any | Static and dynamic VTI interfaces support OSPFv2/v3 IPv4/v6 routing protocol. |
| Packet Tracer in Site to Site VPN Monitoring Dashboard | 7.3 | Any | Use the packet tracer tool in the site-to-site VPN monitoring dashboard to troubleshoot the threat defense VPN tunnels. New/Modified screens: Overview > Dashboards > Site to Site VPN |
| Remote Access VPN Dashboard | 7.3 | Any | Use the Remote Access VPN dashboard to monitor real-time data from active remote access VPN sessions on the devices. New/Modified screens: Overview > Dashboards > Remote Access VPN |
| IPsec flow offload | 7.2 | Any | On the Secure Firewall 3100, IPsec flows are offloaded by default. After the initial setup of an IPsec site-to-site VPN or remote access VPN security association (SA), IPsec connections are offloaded to the field-programmable gate array (FPGA) in the device, which should improve device performance. You can change the configuration using FlexConfig and the flow-offload-ipsec command. |