Feature request: Site to site VPN with third party device or even cloud

Comments

48 comments

  • Firewalla

    Likely we will look at that after wireguard.   

    -2
  • Michael Crawford

    Have you added the IPSec v2 VPN site-to-site connection to the Firewalla Gold? I know I need it to set up VPN tunnels to my vendors as many don't use OpenVPN.

    4
  • Firewalla

    What vendor are you connecting to?   

    The problem with site to site is that it requires extra settings (routing) on both sides, so even if there is a connection, routing setup may not be fully automatic; this is something of a challenge for us.

    -2
  • Michael Crawford

    I work with software vendors like Azure, AWS, LIMS Software Providers and more. I work with laboratories as a management consultant and need to interface with many different people constantly. 

     

    1
  • Kevin Davies

    The ability to establish site to site VPN tunnels with non-Firewalla devices would be great.

    1
  • Firewalla

    It is more of the protocol, and how the other side sets up the traffic forwarding back to Firewalla. Is it IPSec VPN or OpenVPN we are talking about?

    -1
  • Kevin Davies

    It is a standard IPSec VPN. I really think this is a feature that at minimum the Gold needs to support. I understand that it will be complicated, but every other product at a similar price point supports this.

    4
  • John Molchin

    Agree. I have customers with other firewalls: Juniper, PaloAlto, Cisco, Fortinet, etc. I need to establish IPsec tunnels. It would be a typical route-based VPN setup: phase 1, phase 2, with specific routes pointed to tunnel interfaces, access policies, etc.

    2
  • Firewalla

    We started IPSec VPN halfway and paused it due to an overwhelming request for wireguard.  So likely once we get wireguard out, we will get IPSec VPN.   Likely in 1.973.  (Or 1.974)

    -2
  • heath

    Where is this in the queue? Anyone who is capable of setting up an IPsec S2S tunnel knows how to set up the routing already. I have it working just fine between a couple $60 EdgeRouter-X boxes from UI.

    Is it possible from the CLI?

    Add my vote to this as a feature request, I also sent an email to help@

    3
  • Firewalla

    We may start to experiment with IPSec in-app version 1.49

    5
  • heath

    I signed up and am testing the beta box code and the beta of the app, so just let me know and I’ll be happy to test it out and report back.

    2
  • Rémi CATTIAU

    Great product overall, just missing the standard IPsec L2TP to make it perfect, I guess.

    1
  • Firewalla

    If you are interested, please let us know what endpoint you are trying to talk to (be specific). I think our developer is looking for testers. Please send an email to help@firewalla.com with that info if you can.

    -3
  • Yeprem Khoshaba

    Looking to use with Azure. Here is some very specific information, and even instructions should you have access to free Azure credits for development.

    I actually only purchased the unit specifically for this purpose. I felt like I read everything there was on it and specifically chose it for the Site-to-Site VPN capability. Somehow I still managed to miss the glaring support statements claiming it was only site-to-site capable with a second unit, which is completely useless for me. But I didn't have time to immediately try to set it up when I got it and didn't learn that until too late. It took about 3 months before I had the opportunity to realize it was not able to serve its primary purpose, and once I did, I was past my return periods, unfortunately.

    I'm still watching these threads and hoping I'll be able to put it to use soon, as I had seen the past comments of near future release of functionality/support.

    So, I'm definitely up for installing the beta and trying to get it configured as time allows, or possibly even providing the connection information to a staging configuration that you could test with directly.

    https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

    8
  • John Yue

    So, do we get any update for IPSec VPN? Actually I am waiting for two years already.😂😂😂

    8
  • Firewalla

    We started experimenting with Anyconnect VPN in 1.50, but ... that is proven to be much more costly than what we envisioned. This means, only a very small number of customers use it, and testing that protocol is extremely expensive for us. 

    -5
  • Justin Sharp

    Azure, IPsec s2s, I second Yeprem Khoshaba. Should be very inexpensive to test against Azure. Happy to help test.

    1
  • EngNezar

    It should be an IPSec between Firewalla and other Firewall brand, not only Azure.

    Such as IPSec - Phase one & Phase two configuration support.

    Firewalla-to-FortiGate

    Firewalla-to-PaloAlto

    etc.

    2
  • John Semtner

    Has anyone found a workaround to this? I too need IPSec to Azure and am looking at buying a different firewall just to achieve this. Any way to flash the Firewalla and install their own?

    1
  • Firewalla

    I know Azure supports the OpenVPN protocol, have you tried that?

    -2
  • Kevin Davies

    I don't understand how you are "founded by Cisco engineers" but you still haven't successfully implemented standard IPsec VPN functionality. I had to switch to Ubiquiti to get this feature. And mind you, a UDM, which is basically a network in a box, costs less than the Gold. I regret backing this product.

    0
  • Steven Powell

    I really can't believe I'm reading this. I just bought a Firewalla Gold and it doesn't support even the most basic of features. IPSec VPN should be included. I'm happy to test, same as others.

    1
  • John Molchin

    I’ve waited 3 years for a standard IPsec site to site VPN config. I get the impression that Firewalla just doesn’t get it. I’ll be moving on.

    1
  • Jo

    Is Firewalla alive?

    I'm looking for a Firewalla site to site VPN connection to 3rd party routers too. Not especially IPsec, but OpenVPN etc...

    1
  • Firewalla

    We are here. It is a bit hard for 3rd party routers, since when using firewalla devices, it will automatically insert the routes needed, and with a 3rd party, the return routes may not be possible, unless you figure out how to set it up. 

    -2
  • HC IT Department

    Hi Firewalla, are you guys working on this since you have completed WireGuard? We would also be willing to aid in testing if you guys are working on this, or when you choose to. 

    2
  • Firewalla

    This is as close as we can get to a mesh: https://help.firewalla.com/hc/en-us/articles/15766848784275-Firewalla-MSP-VPN-Mesh

     

    -1
  • Brian Thompson

    Oh man! I just bought the Firewalla Gold Plus and my intention was to use this for an IPsec VPN to Azure. I did not double check, but whoever heard of creating a business grade firewall that supports VPN but NOT IPsec? This is crazy! And it looks like the request for IPsec is 3 years old!

    Oh yeah, I also am head of technology for an IT managed service provider and we could potentially sell these firewalls to our smaller clients - no chance of that however without the ability to set up IPsec connections to cloud services or to third party firewalls.

    2
  • John Molchin

    Totally agree, I’ve been looking for the same. I’ve since mothballed my Firewalla and forfeited my spend.

    0