Overview
VNS3 in AWS allows customers to deliver improved security, connectivity, and compliance while minimizing complexity. Our multicoud network controller can be deployed as a router, switch, site-to-site IPsec VPN, People VPN, firewall, protocol re-distributor, or any combination of functions you want.
Fully Encrypt ALL Data-in-Motion and Own Your Security VNS3 supports a wide range of encryption algorithms and connection parameters to facilitate compliance with industry regulations (like HIPAA, PCI, FIPS, etc.), internal requirements, or the demands of connecting parties. VNS3 encrypts all data in motion to, from, and within the cloud allowing you to control your cryptographic keys. VNS3 extends the capabilities of your Azure deployment by ensuring that all traffic is encrypted between your virtual networks, regions, and other cloud providers.
Unparalleled Support for Advanced Networking Use-Cases VNS3 subnets can span virtual networks, regions and clouds, easily handling the headache of address overlap. VNS3 also offers the advantage of BGP active-active connections, preferred peer lists, and our high-availability, instance-based IPsec failover add-on.
Customize Your Network With a Plugin Platform in Your Edge VNS3 is flexible and extensible; add SSL termination, load balancing, content caching, intrusion detection, or other network services directly to your VNS3 instance using our ever-expanding list of partner plugins including popular Open Source projects like Suricata, Snort, Zeek, HAproxy, NGINX, Varnish, Squid, OWASP ZAP and more.
Easy Implementation and Management Implement and integrate VNS3 with existing network equipment without any new knowledge or training for your developers and cloud architects. Empower your team to do everything from connecting a secure & flexible VPN IPsec tunnel to managing complex cross-cloud networks. Dynamically launch and configure your overlay network in minutes using the REST API, web-based UI, or popular automation frameworks like Ansible, Azure Resource Manager templates, or Terraform.
Connect to your existing monitoring systems using SNMP or Netflow and integrate to SaaS monitoring systems like DataDog and SumoLogic with ease.
VNS3 supports connecting to most IPsec data center solutions, as well as to Cloud Service Providers: Cisco Systems, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, LibreSwan, OpenSwan, pfSense, Vyatta, AWS VPN, Google VPN, Azure VPN, and more.
VNS3 Free is a free, self-service cloud connectivity and security appliance (you only pay VNS3 instance runtime fees) for smaller cloud deployments.
CLICK-THROUGH LICENSE LIMITS ONE (1) INSTANCE PER CUSTOMER
Highlights
- Next Generation Network Security Appliance: firewall, VPN concentrator (IPsec and TLS), router, switch, protocol redistributor, application delivery controller (layer 4 - layer 7 network services plugin system), and scriptable/dynamic SDN.
- End-to-End Encryption of all data in motion to/from/between clouds via the Overlay Network unique to Cohesive Networks VNS3. Create an encrypted and highly available network deployed across availability zones, regions and clouds.
- Easier, faster and more secure than the alternatives. VNS3 was first to cloud and is approaching 1 billion device hours in production deployments.
Details
Typical total price
$0.019/hour
Pricing
- ...
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
|---|---|---|---|
t2.micro AWS Free Tier | $0.00 | $0.012 | $0.012 |
t2.small | $0.00 | $0.023 | $0.023 |
t2.medium | $0.00 | $0.046 | $0.046 |
t2.large | $0.00 | $0.093 | $0.093 |
t2.xlarge | $0.00 | $0.186 | $0.186 |
t2.2xlarge | $0.00 | $0.371 | $0.371 |
t3.nano | $0.00 | $0.005 | $0.005 |
t3.micro AWS Free Tier | $0.00 | $0.01 | $0.01 |
t3.small | $0.00 | $0.021 | $0.021 |
t3.medium | $0.00 | $0.042 | $0.042 |
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
VNS3 versions 6.2.9 and 6.6.8 are now available with critical security updates. These releases address vulnerabilities discovered through Trend Micro's Zero Day Initiative program and include important system upgrades. The underlying OS has been updated incorporating security patches for various libraries and components. Specific fixes address ZDI-CAN-24160, ZDI-CAN-24176, ZDI-CAN-24177, and ZDI-CAN-24178, resolving issues where improperly parsed input could potentially allow for remote code execution (require access to port 8000 to be exploited). We've also enhanced our API and UI parsing code to improve security further. While VNS3 instances with TCP port 8000 locked down are not vulnerable to outside attacks, we strongly recommend all customers upgrade to these latest versions for optimal security.
For more information, see the VNS3 Release Notes - https://docs.cohesive.net/docs/vns3/release-notes/ .
Cohesive Networks support staff is available to help with your deployment or upgrade. Create a ticket on our support system (http://support.cohesive.net ) for assistance.
Additional details
Usage instructions
Once the instance is running, access the UI via browser at https://<public_dns>:8000 with vnscubed as the username and the instance id as the password (See Configuration Document).
Resources
Support
Vendor support
Forum support as available
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
IPSEC ENDPOINT NAME BUG
The free latest version has a bug. It adds characters to the Endpoint name.
Aug 18 20:27:51.644374: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:27:51.644406: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:01.762342: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:28:01.763290: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:18.459324: forgetting secrets
Aug 18 20:28:18.459388: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.546430: forgetting secrets
Aug 18 20:28:19.546475: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.595238: packet from xx.xxx.xxx.:500: initial Main Mode message received but no connection has been authorized with authby=PSK and xauth=no
Aug 18 20:29:35.184073:
INCREDIBLE CUSTOMER SUPPORT AND GREAT SOFTWARE!!!
I cannot recommend this team highly enough, they are truly dedicated to making sure you get what you need. Software is great, intuitive, easy to use, makes sense of a complex thing. We enjoy working with them so much.
SCTP Tunnel over Public IP Support
We were disappointed by lack of support for VPN Tunnel over Public IP via AWS's VPC VPN, so we head toward 3rd parties where we found VNS3.
Everything setup nicely and smooth. Configuring the VPN is simple and straightforward, with full tcpdump log to help debug the tunnels (which AWS own VPN also lack).
We soon realized that SCTP protocol is not tunnel through the VPN. Only TCP and UDP. This pain point of VNS3 suddenly turn into an advantage where customer support applied a patch for us which enabled SCTP protocol in VNS3, now our firewall is complete. We are happy, our customers are happy, and yeah, our partners are also happy!
Allow only 1 (one) IPSec endpoint in the free version
Good solution, but the description is not clear about the limits of the free version. For those looking for a VPN IPSec concentrator, bear in mind that this free version allows for only ONE IPSec endpoint.
VPN configuration made easy
We are a group of developers who have little to none networking experience.
We've tried vpn services in the past for connection with our clients, but often we had unstable connection and issues with the VPN providers of our clients, often relying on using other cloud services outside of AWS.
Using VNS3 it was pretty easy to setup our peer VPN, having a user-friendly interface, even for non-networking guys like us. Also their support is great, everytime we got stuck on a configuration, their support team quickly responds and help us through the way with helpful tips. We currently have multiple tunnels with multiple VPN peers and no issues.
Such a great product and support, would highly recommend it.