问题描述

我必须将内部部署网络连接到Azure VNET.我了解可以使用Azure虚拟网络网关来创建站点到站点VPN.但是，我的客户担心安全性，并也在寻找其他可能的选择.

I have to connect an onpremise network to Azure VNET. I understand that Azure Virtual Network Gateway can be used to create a Site to site VPN. However, my customer is concerned about the security and looking for other possible options as well.

我已阅读有关使用Cisco ASAv和Checkpoint vSEC的文章.我的问题是，如果我打算使用这些虚拟设备之一，那么是否还需要在VNET中创建Azure虚拟网络网关?

I have read articles about using Cisco ASAv and Checkpoint vSEC. My question is if I plan to use one of these virtual appliances, then do I still need to create Azure Virtual Network Gateway in the VNET?

我是否需要虚拟设备(要在面向外部的"DMZ"子网中创建虚拟设备)和Azure虚拟网络网关?

Do I need both a virtual appliance (Virtual appliance to be created in the external facing "DMZ" subnet) and Azure Virtual Network Gateway?

如果不需要同时使用两者，那么如果有的话，通过Azure虚拟网络网关使用虚拟设备的优势是什么?

If both are not required at the same time, what is the advantage of using a Virtual appliance over Azure Virtual Network gateway, if there are any?

使用Azure VPN网关的优点是什么?

What are the pros of using Azure VPN Gateway?

推荐答案

如果您使用的是Azure VPN网关，则具有以下优点

If you are using Azure VPN gateway, here are the following advantages 

-高可用性，因为您在部署时创建了两个网关实例

- High availability, as you have 2 instances of gateway created when you deploy

-如果您对网关有任何疑问，我们将提供支持

- We provide support if you have any issues with gateway 

请检查您的本地供应商设备是否在经过验证的列表中列出:https://docs.microsoft.com/zh-cn/azure/vpn-gateway/vpn-gateway-about-vpn-devices #devicetable 

Please check if your On-Premises vendor device is listed in the validated list: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable 

希望这会有所帮助！

这篇关于Azure站点到站点VPN安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！