Advanced Usage

Protecting a private network in VPC

An instance of the Netgate® TNSR® appliance can be used as a firewall for a VPC subnet. This will generally require more manual configuration than using an instance to host a remote access VPN does. See the VPC User Guide for a more detailed explanation of how to configure a VPC and a Netgate TNSR® appliance instance to support this.

Connecting local devices using IPsec

A TNSR instance in AWS can act as an IPsec hub for one or more remote endpoints capable of using IPsec, such as local devices running pfSense® software. It can interconnect all of the sites or even act as an Internet gateway.

For a complete example of using TNSR as an IPsec hub for multiple sites running pfSense software, see the recipe TNSR IPsec Hub for pfSense software nodes in the TNSR documentation.

Accessing the TNSR API

Accessing the API requires configuring the RESTCONF service in a secure manner as well as setting up a means of user authentication and NACM rules for authorization. There is a complete recipe in the TNSR documentation: RESTCONF Service Setup with Certificate-Based Authentication and NACM.

Warning

Ideally, the API should only be accessed from the management interface or at least over an encrypted channel such as a VPN.

For more information on the API in general, see the API Documentation.

Detect and Recover EC2 Instance Failure

It is also possible to create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an underlying issue.

For more information about instance recovery, see Recover Your Instance.
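As an added example, not part of the Netgate documentation, the following POSIX shell helper creates such a recovery alarm with the AWS CLI. The instance ID and region are placeholders, and the AWS variable is a hypothetical override that lets the command be previewed (AWS=echo) before anything is changed in the account.

```shell
#!/bin/sh
# Creates a CloudWatch alarm that triggers EC2 instance recovery when the
# *system* status check fails (host-level impairment). Instance-level status
# failures are deliberately not covered: recovery cannot fix a broken guest.
# Assumes the AWS CLI is installed and credentials/permissions are configured.

# Returns 0 only for an identifier shaped like an EC2 instance ID.
validate_instance_id() {
    case "$1" in
        i-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]*) return 0 ;;
        *) echo "invalid instance id: '$1'" >&2; return 1 ;;
    esac
}

# Prints the built-in recover action ARN for a region (no SNS/Lambda needed).
recover_action_arn() {
    [ -n "$1" ] || { echo "region required" >&2; return 1; }
    printf 'arn:aws:automate:%s:ec2:recover\n' "$1"
}

# Usage: create_recover_alarm <instance-id> <region>
# Two consecutive failed 60 s samples of StatusCheckFailed_System start a
# recovery, which moves the instance to new hardware while keeping its
# instance ID, private IP and Elastic IP (the TNSR configuration is unchanged).
create_recover_alarm() {
    instance_id="$1"
    region="$2"
    validate_instance_id "$instance_id" || return 1
    action=$(recover_action_arn "$region") || return 1
    "${AWS:-aws}" cloudwatch put-metric-alarm \
        --region "$region" \
        --alarm-name "tnsr-recover-$instance_id" \
        --alarm-description "Recover TNSR instance on system status check failure" \
        --namespace AWS/EC2 \
        --metric-name StatusCheckFailed_System \
        --dimensions "Name=InstanceId,Value=$instance_id" \
        --statistic Maximum \
        --period 60 \
        --evaluation-periods 2 \
        --threshold 1 \
        --comparison-operator GreaterThanOrEqualToThreshold \
        --alarm-actions "$action"
}

# Run directly: ./recover-alarm.sh i-0123456789abcdef0 us-east-1
if [ "$#" -ge 2 ]; then
    create_recover_alarm "$@"
fi
```

Verify the alarm with `aws cloudwatch describe-alarms --alarm-names tnsr-recover-<instance-id>` and confirm the instance type and EBS-backed root volume are eligible for recovery before relying on it.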