Feature request: Site to site VPN with third party device or even cloud

Comments

54 comments

  • Chris Miller

    Supporting IPSec would be "Gold", and expected it to be standard on the higher end - please add!

    0
  • Gamadio

    I do not know why I did not run into this discussion before getting into Firewalla. I had been advocating for Firewalla Gold to my clients, and purchased a few of them. Now one client (to run his business) needs IPSec S2S VPN with their business partners. Three months into an expensive FW purchase, I am now convincing my client to replace Firewalla.

    Firewalla team: any plans to support this feature? Or a suggested workaround?

    0
  • Support Team

    @Gamadio

    Which IPSec S2S VPN solution does your client use? There are many variations.

    Also, can I assume Firewalla is going to just be the IPSec client?

    0
  • Gamadio

    My Firewalla will be the client. My Supplier is using non-firewalla and supports only IPSec VPN.

    0
  • Firewalla

    Who is the "supplier"? We want to know the complexity and see if we can make something generic.

    0
  • Gamadio

    My supplier is using FortiGate for IPSec based Site2Site VPN. I need bi-directional connection to/from my company and my supplier.

    0
  • Firewalla

    @gamadio, if we provide something to connect to your supplier, will you be able to configure the supplier device to talk back?

    0
  • Gamadio

    As long as it is IPSec with IKEv1/v2 encryption supported; YES. 

    0
  • Niall Connellan

    Similar situation here. In need of connecting a Firewalla Gold Plus to a FortiGate device using an IPSec IKEv2 VPN setup. @Firewalla until you release the feature, what do you recommend?

    0
  • Firewalla

    Hi Niall, we are evaluating this now to see if we can do something with it. I assume, as I said earlier, it won't be as simple as how you set up Firewalla to Firewalla site to site ...

    0
  • saroch kamjikong

    I need this because the cloud uses only IKE2 and IPsec. Please add the feature in GOLD.

    0
  • Gamadio

    @Firewalla Team. It has been 4 years since this post was started. The same response has been posted over and over again. We seriously deserve to know your roadmap. For me, it will be the deciding factor in whether to resell more Firewalla products to my customers or not.

    1
  • Aditya Gulia

    It would be great if the Firewalla can support IKEv1/IKEv2 IPsec VPN to other vendors. It’s expected that the static route configuration must be performed at the other vendor device as well.
    Another option could be to use BGP to control the routes exchanged between peers.

    0
  • Firewalla

    We are working on something at the moment on IPSEC or SSL VPN, not sure when it is usable. Due to the complexity of these protocols interacting with other IPSEC VPN services, the configuration part will likely be with the MSP, as a flat text file (there is no way to make them like WireGuard VPN).

    0
  • Mina Abiskhiroon

    Can S2S VPN tunnels be created/formed with 3rd party FWs such as pfSense, etc.?

    0
  • Johnny Loh

    I strongly support the need for IPSEC site to site as well. As a small business, we sought to have our apps hosted on Azure cloud, and hence the connection. Setting up a WireGuard server in Azure sounds complicated.

    0
  • Johnny Loh

    In the interim, can buy a WireGuard server off the Azure marketplace.

    https://azuremarketplace.microsoft.com/en-en/marketplace/apps/belindaczsro1588885355210.belvmusrvwg01?tab=Overview

    0
  • Mina Abiskhiroon

    So, are there plans for Firewalla to allow creating S2S VPN tunnels with 3rd party FWs such as Palo Alto, pfSense, etc.?

    1
  • RB

    +1 for IPSEC VPN tunnels to the cloud providers & Enterprise firewalls like Palo and Fortinet.  BGP for routing too.

    0
  • Firewalla

    Site to site is extremely complex between different vendors. We helped one MSP using the MSP interface to get it working between a Firewalla and a UDM using IPSEC, and we all agreed, it is not possible to implement this via the phone interface. It may be possible to make this generic ...

    Even if we do, it won't be a plug and play experience (like the Firewalla site 2 site). You may need to tweak configurations manually via the MSP interface to get everything running. (We provide some examples.)

    BGP, no; I don't think it belongs to the market where Firewalla is at. (Would it be fun to do ... yea)

    0
  • Mina Abiskhiroon

    Does that mean I am able to create a Site-2-Site VPN between a Firewalla & a pfSense FW using the MSP interface? Is there a tutorial or a doc I can follow?

    0
  • Firewalla Team

    Team is working on this kind of feature. Please watch out for the upcoming MSP release note. https://help.firewalla.com/hc/en-us/sections/360001462674-Release-Notes

    0
  • Johnny Loh

    Enterprise grade S2S might be too complex, but I felt as a start just have a simple IPSEC feature that is as good as consumer grade routers first (Asus, TP-Links all have both IPSec and WireGuard VPN).

    0
  • Firewalla

    The first release will be very 'flexible', pretty much import/cut/paste configuration files. We may produce some examples; we will see how it goes. 

    This is the UI

    0