This guide illustrates the process of connecting an Araknis router to our public VPN and firewall service. The purpose is to provide inspection and privacy for all traffic to and from an Araknis router. Araknis end users benefit from the added network security, and Araknis dealers benefit from monthly recurring revenue.
Please note, this service is in beta testing and should not be resold.
How does it work?
It utilizes the “Site to Site” VPN feature of the Araknis router to connect to a FortiGate firewall that is hosted in the Microsoft Azure public cloud. All traffic in and out of the Araknis router is scanned by the firewall before it enters or leaves.
Can I try it?
If you have an Araknis router in your home or lab, just follow the guide as you would for the customer.
If you would like to try the service, but do not have an Araknis router, you can follow the alternative instructions to use the firewall with FortiClient.
What’s the benefit of a cloud-based firewall?
The firewall intercepts all traffic on its way to the Araknis router. It inspects the traffic in real time to find and destroy any malware destined for the LAN behind the Araknis router. It will also filter out known botnet servers to potentially render existing malware useless to the intruder.
It can also be customized to protect devices like NVRs and URC Total Control systems that require ports that are open to the world.
Since all of the traffic is inspected before it reaches the Araknis router, some protection is also afforded to and from devices that cannot run antivirus software. This includes TVs, control systems, smart fridges, or anything else that has an internet connection and potential vulnerabilities.
Last but not least, it can be customized to block “call home” traffic from various equipment from shady vendors. For example, you can block all traffic from Dahua or Hikvision cameras back to China.
What’s the benefit of a VPN?
The raw VPN, without any firewall inspection, provides anonymity. The places you send traffic to will not know where you are from. They will only see the public IP address of the firewall service itself.
This is also true for the internet service provider. They will see all the outbound traffic going to the firewall service, but it will be encrypted, so they will not be able to read the packet data. They will see the encrypted traffic go to the firewall service, but won’t know anything beyond that.
Does it affect my speed?
It will not affect the beloved speedtest. It will, however, add anywhere from 5ms to 25ms of latency from the source to the destination. This is only the result of the extra stop the traffic must make before returning home to the Araknis router.
How do I set it up?
The setup process can be broken down into 4 steps. Prior to this, you must ensure that the router is receiving a public IP address on the WAN interface. Alternatively, you may set a DMZ for the Araknis router on your ISP equipment.
If you need help setting this up, you can try and reach me on Discord, JT#8301.