Tunnel VPN is the easiest way to create a persistent, secure connection between your Untangle NG Firewall and a remote network. You can easily set up and manage a variety of network scenarios for a range of issues, such as:
SD-WAN applications where you wish to connect to a cloud security service
Managing many small locations by redirecting all traffic through a central location
Privacy or circumventing geographical limitations
Tunnel VPN is powered by a fully featured ruleset, enabling WAN optimizations around which traffic is sent through the tunnel and directed at any given interface, host, subnet, port or other criteria. Like other NG Firewall apps, Tunnel VPN uses Untangle’s leading-edge tagging feature to enable advanced, dynamic routing scenarios based on criteria like.
For example, if a user visits a certain website or uses a certain protocol, like BitTorrent, the host can be tagged and automatically switched to using Tunnel VPN. Once the application usage stops, the tag will expire and the host will automatically switch back to regular routing.
This provides a hands-off way for Tunnel VPN to dynamically react and route traffic through Tunnel VPNs based on any taggable event or activity. Tunnel VPN has applicability from SOHO to the distributed enterprise. Some examples:
Configure an Untangle at a branch office to connect and send all internet traffic through headquarters (for security, control, and reporting)
Configure some traffic (public guest Wi-Fi) to be sent to a cloud security provider for special handling
Configure traffic to use Tunnel VPN for certain privacy concerns, like visiting specific websites or using specific applications
Tunnel VPN features a configuration wizard to enable connections to many privacy VPN providers like ExpressVPN, NordVPN or even another Untangle NG Firewall. There are also generic options which support most commonly available OpenVPN-based providers.
Remote Security Services
There are many cloud-based security services or Cloud Access Security Brokers (CASB) that will enforce policy and secure network traffic as it transits from the local infrastructure to the internet.
Tunnel VPN can be configured to send traffic, either in total or selectively, to the desired cloud services. For example, Tunnel VPN can send all port 25 (SMTP) through a specific tunnel to a cloud email archiving service. Alternatively, an administrator could send DNS, web, or even all traffic through dedicated cloud services.
SD-WAN (software-defined networking) deployments often have the need to maintain several tunnels to dedicated CASBs or internet “exit” points. Tunnel VPN allows you to maintain connections to several cloud exit points and prioritize the tunnels such that if one tunnel goes down, the next available tunnel will be utilized.
When combined with WAN Failover and WAN Balancer, this provides an easy way to ensure the network is always online and the best possible tunnel is being used for connectivity, regardless of cloud services going up or down, or individual ISPs or internet connections being available, meeting uptime goals and ensuring business continuity.
Tunnel VPN can connect to other Untangle services or most privacy VPN services (like NordVPN, Express, HideMyAss, etc.).
Many countries have imposed limits or monitoring on “forbidden” content. This can range from content expressing certain political views, information on historical events, region-locked content, unapproved types of entertainment, or copyrighted material. Also, many locations do not have access to ISPs (or governments) that respect net neutrality.
For these locations, Tunnel VPN can provide safe encrypted passage to a location that supports a freer internet and supports net neutrality. Rules can either statically determine what traffic goes through a tunnel (specific hosts or ports) or can dynamically shift which traffic uses the tunnel by leveraging tags. For example, a host can be switched to using a tunnel once Skype or BitTorrent usage is detected.