IPSec VPN Appliance for >10.000 connections

Question

Hi,
One of my customers is looking for a VPN applicance running in Azure to support at least 10.000 simultanious IPSEC connections. This is used for remote devices that regularly do not send any data, but in case of emergency, need a secure high bandwidth connection. The total throughput will be approximately 100GB per MONTH.

Looking at the out-of-the-box Azure VPN-GW, each client will const them $0.01 per hour, which it totally defeating their business case.

Any ideas for reasonable priced solutions?

Answer 1

Hi,

There are several 3rd party options you may consider in the Azure Marketplace. I did quick search and noticed that pfSense doesn't charge extra based on connections, so that is one potential option from cost standpoint.

What I would recommend is to search Azure Marketplace for 3rd party VPNs and research whether or not they support IPSEC, their pricing, max capacity, support options, test using free trial, etc.

Please click Accept Answer and upvote if above was useful.

Thanks.

-TP

Answer 2

Hello @Bas Pruijn ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that one of your customers is looking for a VPN Applicance running in Azure to support at least 10,000 simultaneous IPSEC connections.

All the different options available for organizations to establish remote access for their users by using Azure networking services can be found in the below document:

https://learn.microsoft.com/en-us/azure/networking/working-remotely-support?toc=%2Fazure%2Fvpn-gateway%2Ftoc.json

You can use Azure VPN gateway but as you mentioned, for 10,000 connections, you would need a VPN gateway of at least VpnGw5 SKU which will have 128 P2S connections included, and rest 129-10,000 connections will be charged at $0.01/hour per connection + Outbound P2S (Point-to-Site) VPN data transfer will be charged at standard data transfer rates.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

You can use Azure Virtual WAN, where each Virtual WAN hub supports up to 100,000 remote user connections and the aggregate throughput per Virtual WAN User VPN (Point-to-site) gateway is 200 Gbps. However, you would need to check the pricing before making a decision.

A Standard Virtual WAN Hub costs $0.25/hour + Standard Virtual WAN Hub Data Processing is charged at $0.02/GB + VPN P2S Scale Unit is charged at $0.361/hour (500 Mbps per Scale Unit, per Deployment Hour) + VPN P2S Connection Unit is charged at $0.013/hour (1 per Connection Unit per Deployment Hour)

Refer: https://learn.microsoft.com/en-us/azure/virtual-wan/work-remotely-support

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#virtual-wan-limits

https://azure.microsoft.com/en-us/pricing/details/virtual-wan/

For IPsec connections, the above 2 would be the native Azure products/services that you can use for remote support.

If the above native Azure solutions doesn't work for you, you can utilize third-party Network Virtual Appliances (NVAs) from Azure Marketplace to provide Point-to-site VPN for your users.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/nva-work-remotely-support

Some of the recommended NVAs that are available in Azure Marketplace are as below:

Barracuda CloudGen Access, CloudGuard Network Security, Cisco AnyConnect, Fortinet FortiGate Next-Generation Firewall, etc.

Kindly let us know if the above helps or you need further assistance on this issue.

---

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.