VPN Hardware Questions (mGuard, Tosi, etc.)

[kdcui]

Hi -
I am exploring options for cellular enabled hardware VPN / Firewall devices to deploy for remote troubleshooting purposes. I do not have lots of experience deploying these myself but have heard they are straightforward enough.

In addition to an incoming VPN connection, can these devices also be used to maintain a persistent outgoing connection? We are looking at having a persistent cellular connection to some cloud based applications, but would like to use the same connection to remote in as needed.

I've looked at "the usual suspects" but it is unclear to me if these support the "persistent connection" use case.

Thanks.

 

[theColonel26]

I do not know anything about mGaurd.

TosiBox on the other hand.

Yes, you can do all kinds of network architectures.

• You can of course do client connection (PC to Lock, Lock is the name of their Gateway devices)
  • You can do Layer 2, or Layer 3
• You can configure the locks to allow out going access to the internet, then have them send their data to the cloud that way.
• You can configure them to create a permanent tunnel to a virtual network where other Locks are also connected, and you use one of there Virtual Locks to allow a cloud hosted server to sit on the virtual network, then you have an end-to-end encrypted tunnel.

Really I think option 2 is the easiest, if your machines send data to the server on their own.

If it needs to be polled from each machine from the server though You would have to use option 3.

I only use TosiBoxes now. I basically refuse to give anyone remote support if they won't use one.

It works out fine, since Our big customers usually want to handle support themselves so we give them our code any ways and they always the ones that throw a fit about putting a Tosi Box on their network, even if it is Isolated from their plant network.