Protecting a private network in VPC
An instance of the Netgate® TNSR® appliance can be used as a firewall for a VPC subnet. This will generally require more manual configuration than using an instance to host a remote access VPN does. See the VPC User Guide for a more detailed explanation of how to configure a VPC and a Netgate TNSR® appliance instance to support this.
Connecting local devices using IPsec
A TNSR instance in AWS can act as an IPsec hub for one or more remote endpoints capable of using IPsec, such as local devices running pfSense® software. It can interconnect all of the sites or even act as an Internet gateway.
For a complete example of using TNSR as an IPsec hub for multiple sites running pfSense software, see the recipe TNSR IPsec Hub for pfSense software nodes in the TNSR documentation.
Accessing the TNSR API
Accessing the API requires configuring the RESTCONF service in a secure manner, as well as setting up a means of user authentication and NACM rules for authorization. There is a complete recipe in the TNSR documentation: RESTCONF Service Setup with Certificate-Based Authentication and NACM.
Ideally, the API should only be accessed from the management interface or at least over an encrypted channel such as a VPN.
For more information on the API in general, see the API Documentation.