VNS3 in Azure allows customers to deliver improved security, connectivity, and compliance while minimizing complexity. Our hybrid overlay virtual networking controller functions as six devices in one: router, switch, SSL/IPSec VPN concentrator, firewall, protocol re-distributor, and extensible NFV.
VNS3 supports a wide range of encryption algorithms and connection parameters to facilitate compliance with industry regulations (like HIPAA, PCI, FIPS, etc.), internal requirements, or the demands of connecting parties. VNS3 encrypts all data in motion to, from, and within the cloud using AES-256, 3DES cipher suites, or custom keys. VNS3 extends the capabilities of your Azure deployment by ensuring that all traffic is encrypted between your virtual networks, regions, and other cloud providers.
VNS3 subnets can span virtual networks, regions and clouds, easily handling the headache of address overlap. VNS3 also offers the advantage of BGP active-active connections, preferred peer lists, and our high-availability, instance-based IPsec failover add-on.
VNS3 is flexible and extensible; add SSL termination, load balancing, content caching, or other network services directly to your VNS3 instance using our ever-expanding list of containers plugins.
Implement and integrate VNS3 with existing network equipment without any new knowledge or training for your developers and cloud architects. Empower your team to do everything from connecting a secure & flexible VPN IPsec tunnel to managing complex cross-cloud networks. Dynamically launch and configure your overlay network in minutes using the REST API or web-based UI. Use VNS3 for free or as a pay-as-you-go virtual network server.
VNS3 supports most IPsec data center solutions: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, and Vyatta.
Best Effort: Any IPsec device that supports: IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Checkpoint R65+ requires native IPSec connections as Checkpoint does not conform to NAT-Traversal Standards, and Cisco ASA 8.4(2)-8.4(any) and Cisco ASA-X 9.2(any)-9.6.1 bugs prevent a stable connection from being maintained.