Feature request: Site to site VPn with third party device or even cloud

Comments

48 comments

  • Avatar
    Yeprem Khoshaba

    Looking to use with Azure. Here is some very specific information, and even instructions should you have access to free Azure credits for development.

    I actually only purchased the unit specifically for this purpose. I felt like I read everything there was on it and specifically chose it for the Site-to-Site VPN capability. Somehow I still managed to miss the glaring support statements claiming it was only site-to-site capable with a second unit which is completely useless for me. But I didn't have time to immediately try to set it up when I got it and didn't learn that until too late. Took about 3months before I had the opportunity to realize it was not able to serve its primary purpose and once I did, I was past my return periods unfortunately.

    I'm still watching these threads and hoping I'll be able to put it to use soon, as I had seen the past comments of near future release of functionality/support.

    So, I'm definitely up for installing the beta and trying to get it configured as time allows, or possibly even providing the connection information to a staging configuration that you could test with directly.

    https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

    8
    Comment actions Permalink
  • Avatar
    John Yue

    So, do we get any update for IPSec VPN? Actually I am waiting for two years already.😂😂😂

    8
    Comment actions Permalink
  • Avatar
    Firewalla

    We may start to experiment with IPSec in-app version 1.49

    5
    Comment actions Permalink
  • Avatar
    Michael Crawford

    Have you added the IPSec v2 VPN site-to-site connection to the Firewalla Gold. I know I need it to set up VPN tunnels to my vendors as many don't use OpenVPN.

    4
    Comment actions Permalink
  • Avatar
    Kevin Davies

    It is a standard IPSec VPN.  I really think this is a feature that at minimum the Gold needs to support.  I understand that it will be complicated, but every other product at a similar price point supports this

    4
    Comment actions Permalink
  • Avatar
    heath

    Where is this in the queue?  anyone who is capable of setting up an IPsec S2S tunnel knows how to set up the routing already.  I have it working just fine between a couple $60 EdgeRouter-X boxes from UI.

    is it possible from the CLI?

    Add my vote to this as a feature request, I also sent an email to help@

    3
    Comment actions Permalink
  • Avatar
    John Molchin

    Agree. I have customers with other firewalls, Juniper, PaloAlto, Cisco, Fortinet, etc.. I need to establish Ipsec tunnels. It would be a typical route based vpn setup, phase 1, phase 2, with specific routes pointed to tunnel interfaces, access policies.. etc..

    2
    Comment actions Permalink
  • Avatar
    heath

    I signed up and am testing the beta box code and the beta of the app, so just let me know and I’ll be happy to test it out and report back.

    2
    Comment actions Permalink
  • Avatar
    EngNezar

    It should be an IPSec between Firewalla and other Firewall brand, not only Azure.

    Such as IPSec - Phase one & Phase two configuration support.

    Firewalla-to-FortiGate

    Firewalla-to-PAloAlto

    etc.

    2
    Comment actions Permalink
  • Avatar
    HC IT Department

    Hi Firewalla, are you guys working on this since you have completed WireGuard? We would also be willing to aid in testing if you guys are working on this, or when you choose to. 

    2
    Comment actions Permalink
  • Avatar
    Brian Thompson

    Oh man! I just bought the Firewalla Gold Plus and my intention was to use this for an IPsec VPN to Azure. I did not double check but who ever heard of creating a business grade firewall that supports VPN but NOT IPsec? This is crazy! And it looks like the request for IPsec is 3 years old!

    Oh yeah, I also am head of technology for an IT managed service provider and we could potentially sell these firewalls to our smaller clients - no chance of that however without the ability to setup IPsec connections to cloud services or to third party firewalls.

    2
    Comment actions Permalink
  • Avatar
    Michael Crawford

    I work with software vendors like Azure, AWS, LIMS Software Providers and more. I work with laboratories as a management consultant and need to interface with many different people constantly. 

     

    1
    Comment actions Permalink
  • Avatar
    Kevin Davies

    The ability to establish site to site vpn tunnels with non firewalla devices would be great.

    1
    Comment actions Permalink
  • Avatar
    Rémi CATTIAU

    Great product overall, just missing the standard ipsec l2tp to make it perfect i guess

    1
    Comment actions Permalink
  • Avatar
    Justin Sharp

    Azure, IPsec s2s, I second Yeprem Khoshaba. Should be very inexpensive to test against Azure. Happy to help test.

    1
    Comment actions Permalink
  • Avatar
    John Semtner

    Has anyone found a work around to this? I too need IPSec to Azure and am looking at buying a different firewall just to achieve this. Anyway to flash the firewalla and install their own?

    1
    Comment actions Permalink
  • Avatar
    Steven Powell

    I really cant believe im reading this i just bought a firewall gold and it doesnt support even the most basic of features. IPSec VPN should be included im happy to test same as others.

    1
    Comment actions Permalink
  • Avatar
    John Molchin

    I’ve waited 3 years for a standard ipsec site to site vpn config. I get the impression that Firewalla just doesn’t get it. I’ll be moving on

    1
    Comment actions Permalink
  • Avatar
    Jo

    Is firewalla alive?

    I'm looking for a firewalla site to site VPN connection to 3rd party routers too. Not especially ipsec, but openvpn etc...

    1
    Comment actions Permalink
  • Avatar
    Gamadio

    @Firewalla Team. It has been 4 Years since this post was started. Same response has been posted over and over again. We seriously deserve to know your roadmap. For me; it will be deciding factor to resale more Firewalla products to my customers or not.

    1
    Comment actions Permalink
  • Avatar
    Kevin Davies

    I don't understand how you are "founded by Cisco engineers" but you still haven't successfully implemented standard IPsec VPN functionality. I had to switch to ubiquity to get this feature. And mind you a UDM which is basically a network in a box costs less than the gold. I regret backing this product.

    0
    Comment actions Permalink
  • Avatar
    John Molchin

    Totally agree, i’ve been looking for the same, I’ve since mothballed my firewalla and forfeited my spend

    0
    Comment actions Permalink
  • Avatar
    Chris Miller

    Supporting IPSec would be "Gold", and expected it to be standard on the higher end - please add!

    0
    Comment actions Permalink
  • Avatar
    Gamadio

    I do not know why I did not run into this discussion before getting in to Firewalla. I had been advocating for Firewalla Gold to my clients, purchased few of them. Now one client (to run his business) needs IPSec S2S vpn with their business partners. Three months into expensive FW purchase, I am now convincing my client to replace firewalla. 

    Firewalla team; Any plans to support this feature? or suggested workaround?

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Gamadio

    Which IPSec S2S VPN solution does your client use? there are many variations.

    Also can i assume Firewalla is going to just be the IPSec client?

    0
    Comment actions Permalink
  • Avatar
    Gamadio

    My Firewalla will be the client. My Supplier is using non-firewalla and supports only IPSec VPN.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Who is the "supplier"? want to know the complexity and see if we can make something generic.

    0
    Comment actions Permalink
  • Avatar
    Gamadio

    My supplier is using FortiGate for IPSec based Site2Site VPN. I need bi-directional connection to/from my company and my supplier.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @gamadio, if we provide something to connect to your supplier, will you be able to configure the supplier device to talk back?

    0
    Comment actions Permalink
  • Avatar
    Gamadio

    As long as it is IPSec with IKEv1/v2 encryption supported; YES. 

    0
    Comment actions Permalink

Please sign in to leave a comment.