Hello folks, We've got a dark fibre circuit being delivered over the coming weeks. We've ordered 3 x CRS326-24S+2Q+RM (one for each end plus a cold spare). Our plan is to route local network traffic over the service, which obviously requires us to secure it through some form of encryption. This then leads me to my next question. Some people I've spoken to are telling us to run an IPsec tunnel across between the two FortiGate appliances we have at either end, some are telling us to look at MACsec to offload the traffic from the L3 side of things onto L2. How new is the MACsec implementation on the CRS326? What performance benefits or detriments are we likely to see from using MACsec as opposed to IPsec tunnels? The only reason I'm considering it is because it reduces the IP overhead and reduces the workload on the FortiGate appliances. Regards, Christopher Hawker