Our company offers, IT consulting services for customers seeking to interconnect their on-premise environment to AWS Network.
Our company works with different types of vendors, ranging from Sophos, Fortigate, Checkpoint, Cisco, Ubiquiti, Zscaler and many other vendors helping customers interconnect their branch offices to AWS or Azure, GCP clouds.
What type of AWS VPN Tunneling Solutions Our Company Offers?
Our company can help you integrate your existing firewalls or vpn routers either through route based or policy based, or SSL based vpn tunneling methods, and in some cases even Software Defined Networking methods.
Site To Site Tunneling consulting connectivity from your on-premise environment to AWS. Types of Connectivity we can help customers accomplish.
- Routed Based DMVPN to AWS
- Routed Based through BGP between on premise vendors.
- Policy based site to site IPSEC routing.
Challenging Types of VPN Tunneling solutions that we can help with
Route Based VPN Solutions over BGP
Route Based VPN tunneling is one of just many methods that we can help companies get configured with.
Tunnel Route Based VPN Connectivity to AWS Virtual Private Gateway Services
Our company offers the following services.
- Creation of Virtual Private Gateways in AWS cloud.
- Creation of ACM certificates.
- Creation of VPN tunnels from your company’s on premise branch office to AWS Virtual Private Gateways.
- Creation of Transit VPN Gateways.
- Configuration of VPCs and association of VPCs with IPSEC VPN tunnels.
- BGP peering creation between on premise firewalls and AWS Virtual Private Gateway either dynamically or statically.
- Configuration of route based VPN tunnels and their MTU and MSS settings on branch appliances.
- Monitoring of AWS tunnels through Cloudwatch and on premise customer firewall.
- AWS Multi Region VPN configuration across multiple tunneled routed VPNs.
- Routed VPN interface debugging and troubleshooting.
- BGP tweaking, route propagation.
- AWS Security Group configuration.
Here is what we help customers with when it comes to making any of these VPN tunnels work across ISPs.
- Verifying with ISP that IPSEC IKE and port 4500, 500, ESP traffic is not blocked.
- Working with ISP to obtain static IP addressing, in the form of secondary ip or DMZ routed IP block.
- Debugging connectivity issues with ISP in the event tunnel drops or doesn’t connect properly.
- Obtaining secondary ISP for the customer for redundancy.
- Creating cellular-based connectivity with 4g 5g SIM cards as an alternative WAN interface for IPSEC routed-based VPN tunnel.
- Working with ISP to help you pick the right package which will be compatible with your VPN (not every ISP allows IPSEC tunnels)
AWS VPN Tunnel Management Solutions and Services
Here are the services that we offer from AWS perspective.
- Design of your entire Virtual Architecture.
- Creation of VPCs and associated EC2 instances with appropriate AMIs to run your vendors firewalls in the cloud.
- Creation of site to site VPN connections, leveraging either routed based VPN approach or policy based VPN approach.
- Configuration and management of your AWS routing.
- Security group management.
- Permission management.
- Cloudwatch configuration for metrics and logs.
- Transit Gateway VPN configuration.
- Virtual Private Gateway setup for small and medium offices.
- Certificate ACM building, helping you create certificate authority and making certificate based authentication work.
Cost Analysis & Savings
When many of our customers reach out to us, rarely does every customer know all the associated costs with the solution, simply because there are many factors associated with building VPN tunnels and making them work with the cloud.
As part of our solution offering, we help customers pick the most optimal cost-effective options for their connectivity needs, and part of the engagement conduct Network Assessment, making sure that whatever existing infrastructure that you already invested is factored into the solution, helping customers save money.
AWS Cost Analysis for having site to site VPN or any type of VPN solution
As part of the solution, we help customers analyze licensing costs for Virtual Private Gateways or Transit Gateways in AWS helping customers make informative decisions about the cost factor prior to engaging with the solution.
We also help with AWS licensing cost analysis for ACM certificate management solutions for any EC instances that you may have that require careful tracking.
For every location we recommend customers to use multiple VPN tunnels for redundancy, each tunnel has a cost factor associated with it.
Licensing cost Analysis
When purchasing any type of equipment or software solutions relevant to firewalls, or VPN termination devices there are always licensing fees.
We can help you analyze these licensing fees and pick the right partner for your connectivity needs.
We are vendor agnostic
It doesn’t matter with which vendor you are dealing with, we are vendor agnostic.
- Some vendors may be better than others when it comes to individual solution needs.
- Our role is to recommend the best vendor to help you save money
- Regardless if you are looking for firewall in the cloud solution or Zero Trust type of solution, we can help you integrate it.
Our professional IT Consultants don’t speak the vendor language, but rather speak the protocol language.
Think of it this way every vendor who builds some type of solution is relying on some type of protocol to make the solution work.
Our company has specialized IT Network Consultants who are well versed with both on-premise and cloud types of architecture, regardless if it’s AWS, Azure, Google.
Why connect to AWS from on premise network ?
Many branch networks reside behind NAT and can't properly interconnect to AWS VPN virtual gateway.
When devices are behind NAT, depending on which vendor is trying to initiate VPN tunnel connection, the process of creating a VPN tunnel that is actually working can be very complex.
Some devices don’t have a way to properly work behind a NAT, while some do.
Some ISPs block IKE and 4500 and 500 and ESP traffic. Some don’t allow VPN pass through, some block other ports.
For Every Firewall VPN vendor there is a unique solution
Depending on which vendor customer uses to interact with AWS virtual private gateway the types of solutions that we offer may vary.
Some solutions may include DynamicDNS, others to use static ip, others to use some type of local id modification when traffic exiting firewall before it gets NATed.
Other solutions may include leveraging totally different vendors all together, such as for example Cradlepoint leveraging Software Defined Networking or even Zscaler to allow branch access across ZPA, ZIA.
No matter what the problem is, we have the solution.
Don’t hesitate to contact us to get your consultation today.
Use certificate based VPN tunnels
Certificates Vs Pre-Shared Keys is more secure.
The most typical solution to that problem is the deployment of certificates on the firewall that is creating IPSEC connection and managing these certificates throughout the entire certificate lifecycle management process.
That means renewing certificates on the IPSEC terminating devices.
Yet the reality is, certificate management is not exactly a fun process. AWS has it’s own ACM feature allowing certs to be renewed.
The process of integrating Private CA certs and managing it all is a time consuming process plus somewhat complex.
Our company can help customers make this process less complex.
We can help customers integrate and manage certificates in combination with monitoring AWS VPN tunnels, as well as configurating your existing vendor firewalls and VPN routers in such a way that your offices have resilient connectivity.
Typical Example of what our customers ask us to do
Route Based Tunnel VPN configuration between Sophos firewall and AWS cloud
We get some customers who reach out to us and ask us to configure VPN tunnel using tunnel routing method with the help of for example Sophos XG firewall in the branch office.
- Problems that we instantly see with customers is the fact that their firewall was installed and configured sitting behind private IP vs public IP.
- To solve this problem, we advise customer to get 2ndary public static IP for which WAN port can be configured or use more complex method of integration leveraging dynamicDNS for example with Certificates or other types of solutions.
- In some cases customers can’t pay for static IPs and require other methods of connectivity instead leveraging SSL based VPN or RED based VPN in either case solutions that we offer vary.
- Many customers have already existing infrastructure in AWS cloud and some also have their VMs in Vcenter on premise environment across different branches.
- Some customers have tons of IoT devices that they want to connect and don’t know how, while others simply want to have secure communication to their AWS cloud.
Whatever the case is for every problem there is a unique solution.
- In the case of this situation where customer’s Sophos XG firewall was sitting behind the firewall, the solution was to use certificate based authentication.
- Other option for this customer was to use another VPN router that is more capable of working behind NAT vs Sophos XG.
- Another option was to use DynamicDNS.
Additional Services for Identity Validation and Network Monitoring
In addition to offering AWS VPN solutions our company also offers multi factor level of validation across either certificates or other validation characteristics helping your networks stay secure.
We also can help companies visualize their entire environment in tools like New Relic,DataDog, LogicMonitor, SumoLogic, AppDynamics, Zenoss or Splunk, Solar Winds.
For more info visit our monitoring services.
- Connecting through VPN is one thing, but ensuring that the person who connects to your VPN is legit company’s employee is another.
- Imagine being able to visualize your configuration changes on switches, routers or firewalls, as well as changes within your infrastructure environment ranging from actual physical infrastructure as well as cloud, whether it’s Kubernetes clusters or Serverless Microservices.
- Imagine being able to visualize business transactions as it pertains to generic health score of your entire application or business service, or being able to visualize unique business processes not just from metric standpoint, but from logs.
- Imagine being able to visualize distributed tracing patterns as users navigate through different types of business transactions and how overall health of your application depends on the infrastructure components, application components and other dependencies.
- Imagine being able to visualize even complex recurring events that need to be factored into alerting, but require intelligent logic adjustment.
- Imagine being able to suppress alerts and tackle seasonal type of data, in order to minimize risk of not being alerted when you needed vs when alert is not really needed.
- Imagine being able to have predictive and forecasting monitoring that can combine previous cyclical data in combination with other factors that are relevant for your environment and be able to get alerted on that.
- Imaging having different types of dashboards for compliance, operational level and many other levels, in combination with repots being sent to you or other team members helping your team minimize risk and look like a super hero.
Imagine being able to see when failover happened, at what time, when the VPN tunnel failed, and be able to see it all in the same screen with the business services that were impacted around the timeframe when connectivity was down.
Imagine being able to visualize your Virtual Private Gateways their connectivity status, what tunnel is up, what tunnel is down, as well as other statistics, from your on premise firewall and be able to see health of your environment.
Well with so many imaginative points... described above, you do not have to imagine anymore.
Simply reach out to our DBA Binary Fusion company tell us your use case and we’ll hit the ground running supplementing your existing IT Staff with super charged monitoring and cyber security expertise, that can help your organization reduce risk and best of all tackle complicated tasks that otherwise would not be possible to tackle without a strong IT Security and Network/Application monitoring expertise.
When contacting us, simply let us know the use case you are working on, what you are trying to integrate, what you need monitored, how you are trying to integrate, what tools you already invested and need help with. Or simply describe the challenge you are facing. Our company is very agile and flexible in the way we conduct business. If interested in our services feel free to reach out to us, so we can share with you some of our service offering demonstrations and see if we can do POC or POV for you.
We work with financial organizations as our core expertise, but also service other types of industries ranging from real-estate, manufacturing, professional LLCs, accounting firms, health/medical dental, entertainment industries and other types of industries.
- AWS VPN Tunnel configuration to customers premises can be very challenging and almost impossible to configure without advanced knowledge in security and networking protocols.
- Our company makes the complexity fade away.
- Picking DBA Binary Fusion as your company’s IT resource for advanced type of networking integration will help you save tons of time, doing it yourself.
- Reach out to us, let us know your use case, we can get together analyze what you have, and provide your recommendation on how to move forward with what tool, what to monitor, how to monitor it and can also provide you presentation for some of the services that we did for our other customers in the field of Machine Learning, Certificate LifeCycle Management, Network Monitoring and beyond.
- If interested send an email to email@example.com and simply let us know your name, company name, phone number, and what you are looking for, or alternatively contact us by the phone number shown on the top right corner of this website.
- Thank You for taking your time to read about our Logic Monitoring Services and Solution Integration services.
Industries We Service and help customers integrate Multi Factor Solutions
VPN Firewall and Router Vendors we can connect to AWS
We can help customers with their UTM and Sophos XG or other firewall models get connected to AWS cloud.
We can work with Cradlepoint IBR routers and other types of cellular routers to help you create SDN solution with direct access to the cloud over OpenTLS.
We can help your company have secondary level of remote IPSEC access directly to Pulse Secure Appliances installed in the form of AMI in AWS cloud.
We can help customers get integrated with Zscaler as primary method of communication for remote access VPN, with combination of some other vendor like Pulse Secure in AWS as secondary vendor.
We can help customers create VPN tunnels through transit gateways to CSRs hosted in AWS cloud from the remote branches and we can help run EIGRP over DMVPN tunnels or even OSPF.
We can work with GAIA R77 and up version appliances helping customers get connected to the cloud in either routed or policy based routing way.
We can help customers with Cisco ASA connectivity to AWS cloud, using active and standby type of fail over methods.
We can help with Edgerouter connectivity from behind the NAT devices.
We also work with customers who have FortiNET environment and seeking help to interconnect their on premise networks to AWS cloud either through built in native features of AWS using virtual private gateways or to Fortigate Appliances in AWS cloud.
Problems and AWS VPN Tunneling Solutions
With our AWS VPN tunneling solutions we can reduce the amount of complexity to minimum, helping you take control of your cloud based network, and assisting you with creating secure inter-connectivity.
Our company can help you dissect cost factors and provide you with recommended cost optimal VPN solution.
We can help you manage both of your environments, document your entire cloud based architecture as well as on premise architecture and also help you monitor it.
We can help you manage your VPN endpoints with certificate based authentication. We have dedicated solutions for CLM and PKI management, making certificate renewal easy to do.
Indeed, with new applications come and go, it can be tricky managing security groups. Our company can help with AWS Security management as well.
We have dedicated scanning and patching solution just for the vulnerabilities, and not only for the firewalls that terminating your VPN tunnels, but for other devices as well.
If you have DMVPN tunnels that needs integration with AWS we can help you integrate them helping your offices be directly connected to the cloud through DMVPN.