IPSec over LAN zone interface
With SG you can configure IPSec site to site using LAN interfaces but with XG you only can configure IPSec site to site over a WAN zone interface. Please allow to do it also over LAN zone interfaces. Thanks
I second that feature request. Background info: in a datacenter environment with BGP, you do not want to build VPN with an IP from the BGP-Transfer networks, because with redundand ISPs there can be quite a few different IP addresses. You want instead use an IP from the subnet that you announce via BGP (in order to have the same VPN-IP even when one of the ISP-Uplinks fails). But that interface won't/can't be in WAN zone.