VPN flood attacks questions

Comments

4 comments

  • Avatar
    Firewalla

    As far as I know, the attacks are very much towards SSL VPN's. Firewalla VPN server is WireGuard or OpenVPN, and both of these are authenticated using certificates. Certificates are a lot safer than user/password ... These protocols are also open-source

    Firewalla Gold in beta mode can allow 100 WireGuard profiles, and production is 25. If you are heavy into remote work, the new Firewalla Gold Pro can encrypt at 2 gigabit via WireGuard.

     

    0
    Comment actions Permalink
  • Avatar
    wills

    Thanks for your response.  I just saw the Gold Pro this morning, unfortunately it's not shipping for months, and we need a solution immediately.  I looked at the comparison chart, and the Gold Plus can already do 500 Mbps via Wireguard, which is more bandwidth that we currently have anyway.  Where we are located, there is only one local fiber ISP, and they charge ridiculous prices for business accounts for anything over 300 Mbps.

    Is the production firmware limitation of 25 going to be raised to 100 at some point?  Also, can you switch back and forth between production and beta without losing settings, or are you locked into one mode ore another?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    At the moment, the production limit is 25; This is based on 25 users, each using roughly 20 megabits (encryption), adds up to roughly 500mbit. I believe we can create more, the limit is there so people don't over subscribe the VPN side and reduce CPU for the "security" part.

    Yes, you can easily switch between beta and production.

    0
    Comment actions Permalink
  • Avatar
    wills

    Thank you, very helpful.

    0
    Comment actions Permalink

Please sign in to leave a comment.