Business VPN Recommendation

Hello folks!

I’m looking for a Business VPN recommendation. To be more specific, I’d like something that I could:

  • Integrate to Azure AD for SSO and conditional access.
  • Allow my users to have a fixed set of public IPs, so I can lock our internal services using those.

I believe I can accomplish that using most cloud providers. However, egress costs are a showstopper. I use PIA (Private Internet Access) for personal stuff with a fixed IP; at the end of the day I wanted something similarly simple for our company, plus AD integration. Does such a solution exist?

Integrate to Azure AD for SSO and conditional access.

Easy peasy for us honestly, Azure VPN with the Azure VPN Client is the way we went with this. The IP is basically locked, and it’s perfectly integrated with Microsoft 365, not to mention that the same VPN Gateway is used as a Site to Site VPN for our Azure servers and services.

Plus our users love it because their sign-in is quite literally “Select your account that’s already signed in to Windows”.

Only issue is no Linux support (at least not with Azure AD integration) and it only supports Win 10 on the Windows side of things. macOS is supported though, so that’s nice if you run that.

Not really a VPN, but Twingate might work for what you’re trying to do

BastionZero https://www.bastionzero.com/

They do secure remote access stuff and are zero trust and all that fancy stuff. Plus they have immutable logs and they do this cool thing which means they can’t really access your computers (e.g. they can’t run commands, etc.).

Set up your own VPN.

Have you looked into using OpenVPN Access Server? You can go further and add Duo into the mix for 2FA.

Why are you wanting users to have fixed Public IPs?

Hi!

We use FortiClient nowadays. It works fine, but we need to maintain our physical firewall / networks. Also, our office becomes a single point of failure. Since we already have very few things on premises, I was thinking how we could get rid of our last boxes.

Have you ever had issues with egress costs? My understanding is that Azure VPN just connects you to a VNet, so all VNet fees may apply.

I guess we could mitigate that risk with split tunneling (does Azure VPN support that?), although that’s another operational burden.

BTW, thanks for the recommendation!

Looks neat, I will take a look. Thank you!

First time I’m reading about this service, I will take a look. Thanks a lot!

Meh =)

I want my users to be able to access resources in cloud providers without exposing said resources to the public internet.

I currently do that by restricting access to my office IP.

Did you create this account just to promote your product? Anyway, it worked.

If your infra is in the cloud or another data center, do you have or manage an edge device there? If so, I would recommend doing your VPN on the edge device if possible. If it’s a FortiGate (I see you use Fortinet), I believe everything you are looking for is possible. If you have a Fortinet account manager / SE, maybe email them.

It’s split tunnel, so only your company’s IPs get routed, which means we’ve never had an issue cost-wise. If you’re looking to route everything over the VPN like an old-school system, then I wouldn’t recommend it.

Also check out nvis-inc.com; we are a startup with a similar approach but peer-to-peer and Layer 2 encryption and of course better pricing. DM me for more info.

You wouldn’t be exposing those addresses over the internet. You’d be accessing them from a VPN subnet that has the proper rules for said cloud resources.