For greater flexibility and networking capabilities, you can configure a Branch Office VPN (BOVPN) as a virtual interface. A BOVPN virtual interface is supported only for a branch office VPN tunnel between Firebox or XTM devices that run Fireware XTM v11.8 or higher.
A BOVPN virtual interface defines a BOVPN tunnel that the Firebox or XTM device treats in the configuration like any other interface. The device uses its routing table to determine whether to route a packet through the BOVPN virtual interface or through another interface.
When you use a BOVPN virtual interface, you can:
You cannot configure policy-based routing for failover from or to a BOVPN virtual interface.
You can configure BOVPN gateways and tunnels alongside BOVPN virtual interfaces at the same time. However, each BOVPN gateway endpoint pair can be configured either in a branch office VPN gateway or within a BOVPN virtual interface, but not in both at the same time.
A BOVPN virtual interface provides greater scalability for organizations that have dynamic networks, because you do not need to change the BOVPN tunnel route configuration when network changes are made on one or both sides of the BOVPN tunnel. This is especially valuable if local networks behind the Firebox or XTM devices were learned through routers and you want these networks to be accessible through the BOVPN.
A BOVPN virtual interface supports multicast routing, but does not support broadcast routing.
BOVPN Virtual Interface Configuration Scenarios
Configure a BOVPN Virtual Interface