We want to apply firewall filtering for a vlan in branches. Each branch has 5 vlans and there are hundreds of branches. We are using a template to manage them all.
Because the regular firewall doesn't check packets which go through the VPN, we can't apply a firewall rule for a vlan. However, the VPN firewall, which works organization-wide, only supports IP/subnet, which means I have to configure every vlan separately, which is not feasible. Is there any easier way to do this?
I think I have a similar set-up. Our sites have 4 additional vlans, which I've named, so these can be pre-configured as part of the template. However, like you, I have to configure each individual MX as and when it's deployed, which will become a pain, I'm sure.
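Because the organization-wide VPN firewall described above matches only on IP/subnet, the number of rules needed for one vlan depends on how the branch subnets are laid out. The following is an added example, not part of the original posts and not vendor code: it collapses one vlan's per-branch subnets into the fewest CIDRs and checks that those CIDRs do not also match another vlan. The per-vlan address pools, the 300-branch count, the vlan IDs and the rule field names are all constructed assumptions.

```python
import ipaddress

# Constructed plan (assumption): each VLAN draws its branch /24s from its own pool.
VLAN_POOLS = {30: "10.30.0.0/15", 40: "10.40.0.0/15"}

def build_inventory(branches, vlan_pools=VLAN_POOLS, prefix=24):
    """Return (branch, vlan, subnet) rows: branch i gets the i-th subnet of each pool."""
    rows = []
    for vlan, pool in vlan_pools.items():
        subnets = ipaddress.ip_network(pool).subnets(new_prefix=prefix)
        for i, net in zip(range(branches), subnets):
            rows.append((f"branch-{i:03d}", vlan, net))
    return rows

def collapse_vlan(inventory, vlan):
    """Smallest CIDR list that covers exactly this VLAN's subnets at every branch."""
    return list(ipaddress.collapse_addresses(n for _, v, n in inventory if v == vlan))

def collisions(cidrs, inventory, vlan):
    """Subnets of other VLANs that the collapsed CIDRs would also match (should be empty)."""
    return [n for _, v, n in inventory if v != vlan and any(n.overlaps(c) for c in cidrs)]

def vpn_rules(cidrs, dest, action="deny"):
    """Hypothetical rule records (field names are illustrative, not a vendor schema)."""
    return [{"action": action, "src": str(c), "dst": dest} for c in cidrs]

if __name__ == "__main__":
    inv = build_inventory(300)          # 300 constructed branches
    cidrs = collapse_vlan(inv, 30)      # all branch subnets of VLAN 30
    assert not collisions(cidrs, inv, 30)
    for rule in vpn_rules(cidrs, "10.0.0.0/8"):
        print(rule)
```

With this layout, 300 per-branch subnets for one vlan reduce to four source CIDRs; a plan that interleaves vlans inside each branch block would not collapse this way.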
"We wish for a button that could make the global firewall also work on the VPN traffic. Creating rules in the global firewall, and not being able to see / use those on the VPN traffic is just not optimal. This would be a major thing."