External gateways—Requires a Layer 3 or loopback interface and a logical tunnel interface for the app to establish a connection. The Layer 3/loopback interface must be in an external zone, such as a DMZ. A tunnel interface can be in the same zone as the interface connecting to your internal resources (for example, trust). For added security and better visibility, you can create a separate zone, such as corp-vpn. If you create a separate zone for your tunnel interface, you must create security policies that enable traffic to flow between the VPN zone and the trust zone.
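The separate-zone layout described above, sketched as PAN-OS configure-mode commands. This is an added example, not taken from the original page. The interface tunnel.1, the virtual router default, the rule name vpn-to-trust and the application list are assumptions chosen for illustration, and the lines beginning with # are annotations, not commands.

```panos
# Assumption: tunnel.1 is the logical tunnel interface used by the gateway.
set network interface tunnel units tunnel.1

# Assumption: the tunnel interface is routed by the virtual router named "default".
set network virtual-router default interface tunnel.1

# Put the tunnel interface in its own zone (corp-vpn) instead of trust,
# so VPN traffic is visible and controllable as a distinct zone.
set zone corp-vpn network layer3 tunnel.1

# Because corp-vpn is now separate from trust, traffic between them is
# denied until a security policy allows it. The rule below permits only
# the listed applications (constructed sample list) and logs each session.
set rulebase security rules vpn-to-trust from corp-vpn to trust source any destination any application [ ssl web-browsing ] service application-default action allow
set rulebase security rules vpn-to-trust log-end yes
```

Traffic that trust must initiate toward VPN clients needs its own rule in the opposite direction (from trust to corp-vpn).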