Follow

BYOG - "Bring Your Own Gateway"

Information

The "Bring Your Own Gateway" feature allows the use of 3rd party firewall/router gateway to be used instead of the MDS Cloud-Link gateway which is typically used as the on-premise device to tunnel traffic to the MDS cloud.

During the ordering process you are given the option to use a 3rd Party gateway to connect to the MDS cloud. Once this is selected, you will be given the ability in the portal to complete the configuration.

The 3rd Party Firewall/Router uses tunneling technology already built-in to the 3rd party gateway to create the connection to MDS. IPSec is the tunneling technology currently being used to create this tunnel.

Requirements

The following are the requirements that the 3rd party firewall/router must support in order to connect to MDS:

1. IPSec Site to Site VPN

2. Static public IP at the customer location

The following are items that are preferable but not necessarily required for connection to the MDS cloud:

1. Route Based VPN Support. Many gateways only support policy based VPN functionality and this can prevent some devices from being able to be properly configured to connect. Fortigate, Sonicwall, Cisco are examples of devices that support route based VPN. You will typically be able to identify if a device supports route based VPN if you have to create a route entry to send the desired traffic over the VPN tunnel.

2. VPN Throughput. Check the IPSec VPN throughput capacity of the gateway. This will limit the max throughput and connection speed you will be able to achieve via the MDS cloud.

Setup

Setup steps can vary from gateway to gateway, but typically require the following steps on a route based VPN device.

1. Complete the MDS configuration in the MDS Manager to provide customer firewall IP, customer network, and VPN password.

2. On the 3rd party gateway at customer create a VPN tunnel configuration with the tunnel info provided on the MDS Manager dashboard page for the device. All the details needed to configure the VPN tunnel on the customer end are provided on your device home page.

3. On the 3rd party gateway at customer create a 0.0.0.0/0.0.0.0 route that points to the MDS VPN tunnel. This will start routing all of your Internet traffic to the MDS cloud.

 

 

MDS Compatible Routers

MDS has conducted testing with the following 3rd party firewall/router models and has been successful in configuring the following gateways to send routed traffic to the MDS Cloud to leverage MDS clean internet and protection that MDS has to offer.

 

 

Brand

Model

Connection

Type

Multi-Network Compatible?
*Pro Subscription Required

Status

BYOG Integration Guides

MikroTik

750GR2

GRE

 

Certified

Mikrotik – MDS 3rd Party integration-02.16.16.pdf

Ubiquiti

EdgeRouter X

IPSEC

 

Certified

Ubiquiti - MDS 3rd Party Integration.pdf

Araknis

AN-300-RT-4L2W

IPSEC

N

Certified

Araknis - MDS BYOG Integration Guide.pdf

Watchguard

T30

IPSEC

 

Certified

Watchguard - MDS 3rd Party Integration.pdf

SonicWall

TZ300

IPSEC

Y

Certified

Sonicwall TZ300 – MDS BYOG Integration Guide.pdf

Cisco

1841

IPSEC

Y

Certified

Cisco 1841 - MDS BYOG Integration.pdf

Cisco

ASA 5505

IPSEC

Y

Certified

Cisco ASA 5505 – MDS BYOG Integration Guide.pdf

Sophos 

UTM

IPSEC

 

Certified

Sophos UTM MDS BYOG Integration Guide.pdf

Fortinet

FortiOS 5.2

IPSEC

Y

Certified

FortiGate FortiOS 5.2 - MDS BYOG Integration Guide.pdf

 Fortinet

60E FortiOS 5.4

IPSEC

Y

Certified

Fortigate FortiOS 5.4 BYOG Integration Guide.pdf

Meraki

*

*

N

Incompatible

N/A

ASUS

*

*

N

Incompatible

N/A

 

Don't see a gateway you work with? Contact us. 

Have more questions? Submit a request
Powered by Zendesk