Types of VPNs in Forcepoint Network Security Platform

Forcepoint Network Security Platform provides two types of VPNs. The main difference between the two is how traffic is selected to use the VPN.

  • Policy-based VPNs are configured using Policy-Based VPN elements. The Engine Access rules define which traffic is sent to the VPN and which traffic is allowed out of the VPN.
  • Route-based VPNs are configured using the Route-based Tunnels elements. Any traffic that is routed to engine interfaces that are designated as endpoints for a VPN tunnel is sent into the VPN tunnel. If Access rules allow the traffic, it is automatically sent through the tunnel to the peer endpoint.

Policy-based VPNs are recommended for the following uses:

  • To create mobile VPNs with IPsec tunnels, SSL VPN tunnels, or both IPsec and SSL VPN tunnels.
  • To easily create VPN topologies with multiple connections between multiple gateways, such as full mesh, partial mesh, star, and hub topologies.

Route-based Tunnels are recommended for the following uses:

  • To use VPN tunnels as paths in dynamic routing.
  • To protect the integrity of dynamic routing communications that are sent through the Internet.
  • To protect and route multicast streams through the Internet.
  • To configure GRE, IP-IP, or SIT tunnels that encapsulate traffic but do not provide encryption.