Everything Instant On

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

Gentlepeople 

They have added their gateways in the product line but as far as I can see it is very much in Beta right now. 
I just recently reinstalled one of the sites with this gateway in it (a sg2505). 

The Good: 

• The gateway is on the same pane of glass as the rest of your network
• It filters out things it deems "critical"

The Bad: 

• You can not select to filter out major security treats or any other level. Its an binary choice for filtering out critical only or no filtering at all. 
• There is no geo fencing possibility
• Still haven't found out how to set up a client to site or a site to site VPN
• THERE IS NO LOGGING for the firewall rules (neither allow nor block logs are available) 

The Ugly: 

• As it stands now the product is FAR from being ready to launch for the public. 
• It lacks critical firewall functionality 
• It isn't even capable of replacing a pfsense or even a decently configured iptables

I really hope this product will be upgraded with new essential firewall features so it can be at least called some sort of gateway. 

1. Logging ( half what firewalls are build for) !?!
2. Geofencing
3. Granular controls to filter out "Major" and "Minor" threats, not only "Critical". 

This product was imho far from being complete enough to be pushed to market. It is also not suitable for any partner to install this at a client side as there is no access to logging and the only option you have to troubleshoot is calling support, then you are stuck for 2 days at the clients side until you find someone to help you. Not acceptable. 

I wonder if there are any improvements to be expected any time soon. 

------------------------------
Toon De Kock

Original Message:
Sent: 01-07-2021 12:23 PM
From: FL19
Subject: Instant-On Security Gateway

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

​

InstantON is really not targeted to networking professionals.  As I agree with all of your findings, You need to consider the target audience that typically don't know how to configure the firewall or gateway or network in general.

Client VPS should be coming in one of the next releases, hopefully soon. Site to site VPN is working great. You configure it in your main site selector page under domains. You need to have admin rights to all sites you would like to connect. Then just create a new domain, select sites any you are good. Just be sure to have different ip ranges for your networks (vlan-s) on each site.

WAN redundancy is working great. With Active/Active or Active/Standby failover.

Performance is very good at least on what I have tested.

And I completely agree that absence of any logs is very annoying. 

Another observation is AI only Policy creation is also annoying. It would be great to have option to manually create Policy. Currently you need to create AI policy and then modify it to really fit your needs.

Best, Gorazd 

Gentlepeople 

They have added their gateways in the product line but as far as I can see it is very much in Beta right now. 
I just recently reinstalled one of the sites with this gateway in it (a sg2505). 

The Good: 

• The gateway is on the same pane of glass as the rest of your network
• It filters out things it deems "critical"

The Bad: 

• You can not select to filter out major security treats or any other level. Its an binary choice for filtering out critical only or no filtering at all. 
• There is no geo fencing possibility
• Still haven't found out how to set up a client to site or a site to site VPN
• THERE IS NO LOGGING for the firewall rules (neither allow nor block logs are available) 

The Ugly: 

• As it stands now the product is FAR from being ready to launch for the public. 
• It lacks critical firewall functionality 
• It isn't even capable of replacing a pfsense or even a decently configured iptables

I really hope this product will be upgraded with new essential firewall features so it can be at least called some sort of gateway. 

1. Logging ( half what firewalls are build for) !?!
2. Geofencing
3. Granular controls to filter out "Major" and "Minor" threats, not only "Critical". 

This product was imho far from being complete enough to be pushed to market. It is also not suitable for any partner to install this at a client side as there is no access to logging and the only option you have to troubleshoot is calling support, then you are stuck for 2 days at the clients side until you find someone to help you. Not acceptable. 

I wonder if there are any improvements to be expected any time soon. 

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

You can also refine firewall blocking rules

InstantON is really not targeted to networking professionals.  As I agree with all of your findings, You need to consider the target audience that typically don't know how to configure the firewall or gateway or network in general.

Client VPS should be coming in one of the next releases, hopefully soon. Site to site VPN is working great. You configure it in your main site selector page under domains. You need to have admin rights to all sites you would like to connect. Then just create a new domain, select sites any you are good. Just be sure to have different ip ranges for your networks (vlan-s) on each site.

WAN redundancy is working great. With Active/Active or Active/Standby failover.

Performance is very good at least on what I have tested.

And I completely agree that absence of any logs is very annoying. 

Another observation is AI only Policy creation is also annoying. It would be great to have option to manually create Policy. Currently you need to create AI policy and then modify it to really fit your needs.

Best, Gorazd 

Gentlepeople 

They have added their gateways in the product line but as far as I can see it is very much in Beta right now. 
I just recently reinstalled one of the sites with this gateway in it (a sg2505). 

The Good: 

• The gateway is on the same pane of glass as the rest of your network
• It filters out things it deems "critical"

The Bad: 

• You can not select to filter out major security treats or any other level. Its an binary choice for filtering out critical only or no filtering at all. 
• There is no geo fencing possibility
• Still haven't found out how to set up a client to site or a site to site VPN
• THERE IS NO LOGGING for the firewall rules (neither allow nor block logs are available) 

The Ugly: 

• As it stands now the product is FAR from being ready to launch for the public. 
• It lacks critical firewall functionality 
• It isn't even capable of replacing a pfsense or even a decently configured iptables

I really hope this product will be upgraded with new essential firewall features so it can be at least called some sort of gateway. 

1. Logging ( half what firewalls are build for) !?!
2. Geofencing
3. Granular controls to filter out "Major" and "Minor" threats, not only "Critical". 

This product was imho far from being complete enough to be pushed to market. It is also not suitable for any partner to install this at a client side as there is no access to logging and the only option you have to troubleshoot is calling support, then you are stuck for 2 days at the clients side until you find someone to help you. Not acceptable. 

I wonder if there are any improvements to be expected any time soon. 

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

Sir could you please elaborate on the ability to refine the firewall rules?
I would love to have the ability to block know scanners.  

You can also refine firewall blocking rules

InstantON is really not targeted to networking professionals.  As I agree with all of your findings, You need to consider the target audience that typically don't know how to configure the firewall or gateway or network in general.

Client VPS should be coming in one of the next releases, hopefully soon. Site to site VPN is working great. You configure it in your main site selector page under domains. You need to have admin rights to all sites you would like to connect. Then just create a new domain, select sites any you are good. Just be sure to have different ip ranges for your networks (vlan-s) on each site.

WAN redundancy is working great. With Active/Active or Active/Standby failover.

Performance is very good at least on what I have tested.

And I completely agree that absence of any logs is very annoying. 

Another observation is AI only Policy creation is also annoying. It would be great to have option to manually create Policy. Currently you need to create AI policy and then modify it to really fit your needs.

Best, Gorazd 

Gentlepeople 

They have added their gateways in the product line but as far as I can see it is very much in Beta right now. 
I just recently reinstalled one of the sites with this gateway in it (a sg2505). 

The Good: 

• The gateway is on the same pane of glass as the rest of your network
• It filters out things it deems "critical"

The Bad: 

• You can not select to filter out major security treats or any other level. Its an binary choice for filtering out critical only or no filtering at all. 
• There is no geo fencing possibility
• Still haven't found out how to set up a client to site or a site to site VPN
• THERE IS NO LOGGING for the firewall rules (neither allow nor block logs are available) 

The Ugly: 

• As it stands now the product is FAR from being ready to launch for the public. 
• It lacks critical firewall functionality 
• It isn't even capable of replacing a pfsense or even a decently configured iptables

I really hope this product will be upgraded with new essential firewall features so it can be at least called some sort of gateway. 

1. Logging ( half what firewalls are build for) !?!
2. Geofencing
3. Granular controls to filter out "Major" and "Minor" threats, not only "Critical". 

This product was imho far from being complete enough to be pushed to market. It is also not suitable for any partner to install this at a client side as there is no access to logging and the only option you have to troubleshoot is calling support, then you are stuck for 2 days at the clients side until you find someone to help you. Not acceptable. 

I wonder if there are any improvements to be expected any time soon. 

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

By default all incoming traffic is blocked. You can block specific rules under Security tab. 

Best, Gorazd

Sir could you please elaborate on the ability to refine the firewall rules?
I would love to have the ability to block know scanners.  

You can also refine firewall blocking rules

InstantON is really not targeted to networking professionals.  As I agree with all of your findings, You need to consider the target audience that typically don't know how to configure the firewall or gateway or network in general.

Client VPS should be coming in one of the next releases, hopefully soon. Site to site VPN is working great. You configure it in your main site selector page under domains. You need to have admin rights to all sites you would like to connect. Then just create a new domain, select sites any you are good. Just be sure to have different ip ranges for your networks (vlan-s) on each site.

WAN redundancy is working great. With Active/Active or Active/Standby failover.

Performance is very good at least on what I have tested.

And I completely agree that absence of any logs is very annoying. 

Another observation is AI only Policy creation is also annoying. It would be great to have option to manually create Policy. Currently you need to create AI policy and then modify it to really fit your needs.

Best, Gorazd 

Gentlepeople 

They have added their gateways in the product line but as far as I can see it is very much in Beta right now. 
I just recently reinstalled one of the sites with this gateway in it (a sg2505). 

The Good: 

• The gateway is on the same pane of glass as the rest of your network
• It filters out things it deems "critical"

The Bad: 

• You can not select to filter out major security treats or any other level. Its an binary choice for filtering out critical only or no filtering at all. 
• There is no geo fencing possibility
• Still haven't found out how to set up a client to site or a site to site VPN
• THERE IS NO LOGGING for the firewall rules (neither allow nor block logs are available) 

The Ugly: 

• As it stands now the product is FAR from being ready to launch for the public. 
• It lacks critical firewall functionality 
• It isn't even capable of replacing a pfsense or even a decently configured iptables

I really hope this product will be upgraded with new essential firewall features so it can be at least called some sort of gateway. 

1. Logging ( half what firewalls are build for) !?!
2. Geofencing
3. Granular controls to filter out "Major" and "Minor" threats, not only "Critical". 

This product was imho far from being complete enough to be pushed to market. It is also not suitable for any partner to install this at a client side as there is no access to logging and the only option you have to troubleshoot is calling support, then you are stuck for 2 days at the clients side until you find someone to help you. Not acceptable. 

I wonder if there are any improvements to be expected any time soon. 

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

Hi everyone

recent app update (3.3.0.0.) announced support for VPN client for gateways. however, when I follow the instructions provided, option to create vpn network does not exist. both mobile app and web app.

devices are on last SW version, and I am using smaller gateway.

------------------------------
adnan bratt

Original Message:
Sent: 01-07-2021 12:23 PM
From: FL19
Subject: Instant-On Security Gateway

Hi everyone,

wondering if a simple security gateway / firewall solution is on the roadmap for Instant-On. Other vendors in this segment (e.g. Meraki Go or Ubiquiti) offer such solutions, providing VPN functionality or web filtering options. I think basic remote access and web blocking malicious and illegal content would fit very well for small office deployments.

Cheers

​