The "Bring Your Own Gateway" feature allows the use of 3rd party firewall/router gateway to be used instead of the MDS Cloud-Link gateway which is typically used as the on-premise device to tunnel traffic to the MDS cloud.
During the ordering process you are given the option to use a 3rd Party gateway to connect to the MDS cloud. Once this is selected, you will be given the ability in the portal to complete the configuration.
The 3rd Party Firewall/Router uses tunneling technology already built-in to the 3rd party gateway to create the connection to MDS. IPSec is the tunneling technology currently being used to create this tunnel.
The following are the requirements that the 3rd party firewall/router must support in order to connect to MDS:
1. IPSec Site to Site VPN
2. Static public IP at the customer location
The following are items that are preferable but not necessarily required for connection to the MDS cloud:
1. Route Based VPN Support. Many gateways only support policy based VPN functionality and this can prevent some devices from being able to be properly configured to connect. Fortigate, Sonicwall, Cisco are examples of devices that support route based VPN. You will typically be able to identify if a device supports route based VPN if you have to create a route entry to send the desired traffic over the VPN tunnel.
2. VPN Throughput. Check the IPSec VPN throughput capacity of the gateway. This will limit the max throughput and connection speed you will be able to achieve via the MDS cloud.
Setup steps can vary from gateway to gateway, but typically require the following steps on a route based VPN device.
1. Complete the MDS configuration in the MDS Manager to provide customer firewall IP, customer network, and VPN password.
2. On the 3rd party gateway at customer create a VPN tunnel configuration with the tunnel info provided on the MDS Manager dashboard page for the device. All the details needed to configure the VPN tunnel on the customer end are provided on your device home page.
3. On the 3rd party gateway at customer create a 0.0.0.0/0.0.0.0 route that points to the MDS VPN tunnel. This will start routing all of your Internet traffic to the MDS cloud.
MDS Compatible Routers
MDS has conducted testing with the following 3rd party firewall/router models and has been successful in configuring the following gateways to send routed traffic to the MDS Cloud to leverage MDS clean internet and protection that MDS has to offer.