IPSec VPN Appliance for >10.000 connections

Bas Pruijn 956 Reputation points
2023-11-23T09:57:11.83+00:00

Hi,
One of my customers is looking for a VPN applicance running in Azure to support at least 10.000 simultanious IPSEC connections. This is used for remote devices that regularly do not send any data, but in case of emergency, need a secure high bandwidth connection. The total throughput will be approximately 100GB per MONTH.

Looking at the out-of-the-box Azure VPN-GW, each client will const them $0.01 per hour, which it totally defeating their business case.

Any ideas for reasonable priced solutions?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,782 questions
{count} votes

Accepted answer
  1. TP 126.7K Reputation points Volunteer Moderator
    2023-11-23T10:43:16.6766667+00:00

    Hi,

    There are several 3rd party options you may consider in the Azure Marketplace. I did quick search and noticed that pfSense doesn't charge extra based on connections, so that is one potential option from cost standpoint.

    What I would recommend is to search Azure Marketplace for 3rd party VPNs and research whether or not they support IPSEC, their pricing, max capacity, support options, test using free trial, etc.

    Please click Accept Answer and upvote if above was useful.

    Thanks.

    -TP


1 additional answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 50,106 Reputation points Microsoft Employee Moderator
    2023-11-23T11:38:58.7033333+00:00

    Hello @Bas Pruijn ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that one of your customers is looking for a VPN Applicance running in Azure to support at least 10,000 simultaneous IPSEC connections.

    All the different options available for organizations to establish remote access for their users by using Azure networking services can be found in the below document:

    https://learn.microsoft.com/en-us/azure/networking/working-remotely-support?toc=%2Fazure%2Fvpn-gateway%2Ftoc.json

    You can use Azure VPN gateway but as you mentioned, for 10,000 connections, you would need a VPN gateway of at least VpnGw5 SKU which will have 128 P2S connections included, and rest 129-10,000 connections will be charged at $0.01/hour per connection + Outbound P2S (Point-to-Site) VPN data transfer will be charged at standard data transfer rates.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

    https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

    You can use Azure Virtual WAN, where each Virtual WAN hub supports up to 100,000 remote user connections and the aggregate throughput per Virtual WAN User VPN (Point-to-site) gateway is 200 Gbps. However, you would need to check the pricing before making a decision.

    A Standard Virtual WAN Hub costs $0.25/hour + Standard Virtual WAN Hub Data Processing is charged at $0.02/GB + VPN P2S Scale Unit is charged at $0.361/hour (500 Mbps per Scale Unit, per Deployment Hour) + VPN P2S Connection Unit is charged at $0.013/hour (1 per Connection Unit per Deployment Hour)

    Refer: https://learn.microsoft.com/en-us/azure/virtual-wan/work-remotely-support

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#virtual-wan-limits

    https://azure.microsoft.com/en-us/pricing/details/virtual-wan/

    For IPsec connections, the above 2 would be the native Azure products/services that you can use for remote support.

    If the above native Azure solutions doesn't work for you, you can utilize third-party Network Virtual Appliances (NVAs) from Azure Marketplace to provide Point-to-site VPN for your users.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/nva-work-remotely-support

    Some of the recommended NVAs that are available in Azure Marketplace are as below:

    Barracuda CloudGen Access, CloudGuard Network Security, Cisco AnyConnect, Fortinet FortiGate Next-Generation Firewall, etc.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.