Products Firewalla Gold Firewalla Purple Firewalla Blue Plus Firewalla Red Firewalla Blue

Feature request: Site to site VPn with third party device or even cloud

Follow
Avatar
John Yue

Hi,

 

would it be possible to add IPSec VPN to Firewalla? So that we can build site to site VPN to public cloud or even with other firewall.

1

Comments

17 comments

Sort by Date Votes
  • Avatar
    Firewalla

    Likely we will look at that after wireguard.   

    0
    Comment actions Permalink
  • Avatar
    Michael Crawford

    Have you added the IPSec v2 VPN site-to-site connection to the Firewalla Gold. I know I need it to set up VPN tunnels to my vendors as many don't use OpenVPN.

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    What vendor are you connecting to?   

    The problem with site to site is, it requires extra settings (routing) on both sides, so even there is a connection, routing setup may not be fully automatic, this is something a challenge for us. 

    0
    Comment actions Permalink
  • Avatar
    Michael Crawford

    I work with software vendors like Azure, AWS, LIMS Software Providers and more. I work with laboratories as a management consultant and need to interface with many different people constantly. 

     

    0
    Comment actions Permalink
  • Avatar
    Kevin Davies

    The ability to establish site to site vpn tunnels with non firewalla devices would be great.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    It is more of the protocol, and how the other side setup the traffic forwarding back to firewalla.  Is it IPSec VPN? or OpenVPN we are talking about?

    0
    Comment actions Permalink
  • Avatar
    Kevin Davies

    It is a standard IPSec VPN.  I really think this is a feature that at minimum the Gold needs to support.  I understand that it will be complicated, but every other product at a similar price point supports this

    1
    Comment actions Permalink
  • Avatar
    John Molchin

    Agree. I have customers with other firewalls, Juniper, PaloAlto, Cisco, Fortinet, etc.. I need to establish Ipsec tunnels. It would be a typical route based vpn setup, phase 1, phase 2, with specific routes pointed to tunnel interfaces, access policies.. etc..

    0
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    We started IPSec VPN halfway and paused it due to an overwhelming request for wireguard.  So likely once we get wireguard out, we will get IPSec VPN.   Likely in 1.973.  (Or 1.974)

    0
    Comment actions Permalink
  • Avatar
    heath
    • Edited

    Where is this in the queue?  anyone who is capable of setting up an IPsec S2S tunnel knows how to set up the routing already.  I have it working just fine between a couple $60 EdgeRouter-X boxes from UI.

    is it possible from the CLI?

    Add my vote to this as a feature request, I also sent an email to help@

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    We may start to experiment with IPSec in-app version 1.49

    2
    Comment actions Permalink
  • Avatar
    heath

    I signed up and am testing the beta box code and the beta of the app, so just let me know and I’ll be happy to test it out and report back.

    0
    Comment actions Permalink
  • Avatar
    Rémi CATTIAU

    Great product overall, just missing the standard ipsec l2tp to make it perfect i guess

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If you are interested, please let us know what the end point you are trying to talk to. (be specific), I think our developer is looking for testers.  Please send email to help@firewalla.com with that info if you can.

    0
    Comment actions Permalink
  • Avatar
    Yeprem Khoshaba
    • Edited

    Looking to use with Azure. Here is some very specific information, and even instructions should you have access to free Azure credits for development.

    I actually only purchased the unit specifically for this purpose. I felt like I read everything there was on it and specifically chose it for the Site-to-Site VPN capability. Somehow I still managed to miss the glaring support statements claiming it was only site-to-site capable with a second unit which is completely useless for me. But I didn't have time to immediately try to set it up when I got it and didn't learn that until too late. Took about 3months before I had the opportunity to realize it was not able to serve its primary purpose and once I did, I was past my return periods unfortunately.

    I'm still watching these threads and hoping I'll be able to put it to use soon, as I had seen the past comments of near future release of functionality/support.

    So, I'm definitely up for installing the beta and trying to get it configured as time allows, or possibly even providing the connection information to a staging configuration that you could test with directly.

    https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

    2
    Comment actions Permalink
  • Avatar
    John Yue

    So, do we get any update for IPSec VPN? Actually I am waiting for two years already.😂😂😂

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    We started experimenting with Anyconnect VPN in 1.50, but ... that is proven to be much more costly than what we envisioned. This means, only a very small number of customers use it, and testing that protocol is extremely expensive for us. 

    -1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post