US Patent 11956213 Using firewall policies to map data messages to secure tunnels

Some embodiments of the invention provide a method for transmitting data messages via secure tunnels in a network. The method is performed at a gateway device. The method determines that a data message received at the gateway device should be sent via a secure interface of the gateway device. The method matches the data message to a firewall rule that maps to a particular secure tunnel used by the secure interface, with multiple different firewall rules mapping to multiple different secure tunnels used by the secure interface. The method encapsulates the data message with a header that comprises an indicator value specifying the particular secure tunnel and forwards the encapsulated data message to a destination interface.