VNS3 Specifications

VNS3™ delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.


Available for Public Clouds

Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), IBM SoftLayer, ElasticHosts, InterRoute, Abiquo.

Available for Private Clouds

Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, and more.

Available for Virtual Infrastructure

VMware (all formats), Citrix, Xen, KVM, and more.

Device and Connectivity Support

VNS3 Supports Most IPsec Data Center Solutions:

Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, and Vyatta.

Best Effort

Any IPsec device that supports: IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

*Known Exclusions

  • Checkpoint R65+ requires native IPSec connections as Checkpoint does not conform to NAT-Traversal Standards.
  • Cisco ASA 8.4(2)-8.4(any) and Cisco ASA-X 9.2(any)-9.6.1 bugs prevent a stable connection from being maintained.
  • FortiGate 6.2.3+ uses the same SPI value to bring up Phase 2 IPsec negotiations for all subnets/tunnels. Policy-based IPsec VPN tunnels configured on VNS3 will expect different SPI values for each tunnel. Documentation on how to Use multiple phase 2 tunnels on the FortiGate to create different SPI values for each subnet can be found in the Fortinet Administration Guide (example: v6.4.5 Guide).