Azure站点到站点VPN安全
I have to connect an onpremise network to Azure VNET. I understand that Azure Virtual Network Gateway can be used to create a Site to site VPN. However, my customer is concerned about the security and looking for other possible options as well.
我已阅读有关使用Cisco ASAv和Checkpoint vSEC的文章.我的问题是,如果我打算使用这些虚拟设备之一,那么是否还需要在VNET中创建Azure虚拟网络网关?
I have read articles about using Cisco ASAv and Checkpoint vSEC. My question is if I plan to use one of these virtual appliances, then do I still need to create Azure Virtual Network Gateway in the VNET?
我是否需要虚拟设备(要在面向外部的"DMZ"子网中创建虚拟设备)和Azure虚拟网络网关?
Do I need both a virtual appliance (Virtual appliance to be created in the external facing "DMZ" subnet) and Azure Virtual Network Gateway?
如果不需要同时使用两者,那么如果有的话,通过Azure虚拟网络网关使用虚拟设备的优势是什么?
If both are not required at the same time, what is the advantage of using a Virtual appliance over Azure Virtual Network gateway, if there are any?
使用Azure VPN网关的优点是什么?
What are the pros of using Azure VPN Gateway?
Azure VPN网关使用IPSEC连接到本地设备,与虚拟设备相同.您可以使用VPN网关或NVA来安全地连接到本地.
Azure VPN gateway uses IPSEC to connect to your On-Premises, same as Virtual Appliance. You can either have VPN gateway or NVA to connect securely to your On-Premises.
如果您使用的是Azure VPN网关,则具有以下优点
If you are using Azure VPN gateway, here are the following advantages
-高可用性,因为您在部署时创建了两个网关实例
- High availability, as you have 2 instances of gateway created when you deploy
-如果您对网关有任何疑问,我们将提供支持
- We provide support if you have any issues with gateway
请检查您的本地供应商设备是否在经过验证的列表中列出:https://docs.microsoft.com/zh-cn/azure/vpn-gateway/vpn-gateway-about-vpn-devices #devicetable
Please check if your On-Premises vendor device is listed in the validated list: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable
希望这会有所帮助!