External gateways—Requires a Layer 3 or loopback interface and a logical tunnel interface for the app to establish a connection. The Layer 3/loopback interface must be in an external zone, such as a DMZ. A tunnel interface can be in the same zone as the interface connecting to your internal resources (for example, trust). For added security and better visibility, you can create a separate zone, such as corp-vpn. If you create a separate zone for your tunnel interface, you must create security policies that enable traffic to flow between the VPN zone and the trust zone.
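
As an added illustration (not taken from the original documentation), the separate-zone option could look like this in configuration mode, assuming a single-vsys PAN-OS firewall. The names tunnel.1, default and corp-vpn-to-trust, the 10.0.0.0/24 subnet and the listed applications are assumptions; lines starting with # are annotations, not CLI input.

```text
# Assumed (hypothetical) names: tunnel.1, virtual router "default", rule "corp-vpn-to-trust".
# Logical tunnel interface, attached to the virtual router.
set network interface tunnel units tunnel.1
set network virtual-router default interface tunnel.1

# Dedicated zone for the tunnel interface instead of reusing trust,
# so VPN traffic is policed and logged separately from internal traffic.
set zone corp-vpn network layer3 tunnel.1

# With a separate zone, traffic from corp-vpn to trust is interzone traffic
# and is dropped by the default interzone rule until a policy allows it.
# Constructed scope: one internal subnet and two applications, not any/any.
set rulebase security rules corp-vpn-to-trust from corp-vpn to trust
set rulebase security rules corp-vpn-to-trust source any destination 10.0.0.0/24
set rulebase security rules corp-vpn-to-trust application [ ssl ssh ] service application-default
set rulebase security rules corp-vpn-to-trust action allow log-end yes
```

A rule in the opposite direction (from trust to corp-vpn) is only needed for sessions that internal hosts initiate toward VPN clients.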