- Basically improve L2L VPN capability:
1. VPN encryption domains definition per tunnel (community). Defining the local encryption per gateway instead of per community brings unnecessary complexity. At the very minimum, integrate subnet_for_range_and_peer with SmartConsole.
2. Improve vpn tu to provide information on what stage the phase 1 SA is at and for which encryption domains a given phase 2 SA is, plus some statistics for encrypted and decrypted packets.
3. Improve route-based VPN support. I haven't checked what the status is lately with R80.x, but there were some limitations when enabling VTI - some parts of the acceleration were disabled. IMHO route-based VPN is more flexible and makes it easy to overcome overlapping encryption domains.
4. Improve tunnel monitor methods, integrate DPD with SmartConsole
- I don't know how to define it, but something like - introduce only one (or two max) remote access VPN clients. Having SNX, Endpoint Security, Endpoint Security VPN, SecuRemote, Check Point Mobile is very complicated and misleading for the customer. It will be easy for the customer and for the administrator if you define: clientless and client RA VPN, while the same application is used across all OSs, and also the same client for SSL or IPsec based VPN.