Sold by: Cohesive Networks
Deployed on AWS
AWS Free Tier
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more. *LIMIT ONE (1) PER CUSTOMER*
4.4
Overview
VNS3 in AWS allows customers to deliver improved security, connectivity, and compliance while minimizing complexity. Our multicoud network controller can be deployed as a router, switch, site-to-site IPsec VPN, People VPN, firewall, protocol re-distributor, or any combination of functions you want.
Fully Encrypt ALL Data-in-Motion and Own Your Security VNS3 supports a wide range of encryption algorithms and connection parameters to facilitate compliance with industry regulations (like HIPAA, PCI, FIPS, etc.), internal requirements, or the demands of connecting parties. VNS3 encrypts all data in motion to, from, and within the cloud allowing you to control your cryptographic keys. VNS3 extends the capabilities of your Azure deployment by ensuring that all traffic is encrypted between your virtual networks, regions, and other cloud providers.
Unparalleled Support for Advanced Networking Use-Cases VNS3 subnets can span virtual networks, regions and clouds, easily handling the headache of address overlap. VNS3 also offers the advantage of BGP active-active connections, preferred peer lists, and our high-availability, instance-based IPsec failover add-on.
Customize Your Network With a Plugin Platform in Your Edge VNS3 is flexible and extensible; add SSL termination, load balancing, content caching, intrusion detection, or other network services directly to your VNS3 instance using our ever-expanding list of partner plugins including popular Open Source projects like Suricata, Snort, Zeek, HAproxy, NGINX, Varnish, Squid, OWASP ZAP and more.
Easy Implementation and Management Implement and integrate VNS3 with existing network equipment without any new knowledge or training for your developers and cloud architects. Empower your team to do everything from connecting a secure & flexible VPN IPsec tunnel to managing complex cross-cloud networks. Dynamically launch and configure your overlay network in minutes using the REST API, web-based UI, or popular automation frameworks like Ansible, Azure Resource Manager templates, or Terraform.
Connect to your existing monitoring systems using SNMP or Netflow and integrate to SaaS monitoring systems like DataDog and SumoLogic with ease.
VNS3 supports connecting to most IPsec data center solutions, as well as to Cloud Service Providers: Cisco Systems, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, LibreSwan, OpenSwan, pfSense, Vyatta, AWS VPN, Google VPN, Azure VPN, and more.
VNS3 Free is a free, self-service cloud connectivity and security appliance (you only pay VNS3 instance runtime fees) for smaller cloud deployments.
CLICK-THROUGH LICENSE LIMITS ONE (1) INSTANCE PER CUSTOMER
Highlights
- Next Generation Network Security Appliance: firewall, VPN concentrator (IPsec and TLS), router, switch, protocol redistributor, application delivery controller (layer 4 - layer 7 network services plugin system), and scriptable/dynamic SDN.
- End-to-End Encryption of all data in motion to/from/between clouds via the Overlay Network unique to Cohesive Networks VNS3. Create an encrypted and highly available network deployed across availability zones, regions and clouds.
- Easier, faster and more secure than the alternatives. VNS3 was first to cloud and is approaching 1 billion device hours in production deployments.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 6.7.8
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Version 6.7.8 includes various bug fixes, enhancements, and optimizations. For more information, see the VNS3 Release Notes - https://docs.cohesive.net/docs/vns3/release-notes/ .
Cohesive Networks support staff is available to help with your deployment or upgrade. Create a ticket on our support system (http://support.cohesive.net ) for assistance.
Additional details
Usage instructions
Once the instance is running, access the UI via browser at https://<public_dns>:8000 with vnscubed as the username and the instance id as the password (See Configuration Document).
Note: The default 0.0.0.0/0 rule enables universal initial connectivity but should be restricted to the IP(s) used for VNS3 controller management post-deployment.
Resources
Support
Vendor support
Forum support as available
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Built on the VNS3 Application Security Platform, this NATe edition provides a NAT-Gateway at a lower price with comparable performance to cloud platform NAT Gateways, while providing visibility and control for your NAT traffic needs.
VNS3 is a secure multicloud network virtualization platform. It connects your on-premises, public cloud and SaaS apps in a scalable and highly available network. VNS3 Multicloud Link provides a centralized management interface for your network connections and security policies. VNS3 helps control network traffic, secure your data and apps, and simplify multi-cloud deployments.
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more.
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more.
Customer reviews
Shivam Dhang
Secure multi-cloud connectivity has simplified VPN deployment and unified firewall control
Reviewed on Feb 19, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for VNS3 is secure multi-cloud and hybrid connectivity, using VNS3 as an overlay VPN controller. I use it for IPsec site-to-site tunnels, encrypted mesh between cloud VPCs, and centralized firewall control without modifying native cloud networking.
For example, I have deployed VNS3 in AWS to build encrypted IPsec tunnels between multiple customer VPCs and on-premises data centers. Instead of going through complex native peering plus firewall changes, VNS3 provided an overall mesh plus policy-based routing, reducing deployment time by fifty percent and simplifying MSP multi-tenant isolation.
What is most valuable?
The top three features that VNS3 offers are encrypted overlay networking, centralized firewall plus routing policies across clouds, and multi-cloud connectivity without native peering complexity, along with VPN orchestration and key management via controller APIs.
Additional valuable features in VNS3 include containerized deployment capabilities, cloud infrastructure and DevOps tooling integration, and fine-grained traffic steering without route controls.
VNS3 improved secure connectivity across multi-cloud and on-premises environments without complex native peering. It reduced VPN setup time, standardized firewall and routing policies, and provided clear encrypted traffic paths for compliance and MSP tenant isolation. Using VNS3, I saw forty to sixty percent faster VPN deployment versus native cloud plus firewall configurations, a thirty percent reduction in network change tickets due to centralized policy control, and lower infrastructure costs by avoiding dedicated hardware VPN appliances per customer.
What needs improvement?
The areas where VNS3 could be improved include native integration with cloud providers such as SD-WAN or transit services, deeper telemetry and analytics, and simpler GUI workflows for large multi-tenant setups.
Additional improvement ideas for VNS3 would be template-based multi-tenant deployments for MSP scales and Zero Trust micro-segmentation policies tied to identity or context.
For how long have I used the solution?
I have been using VNS3 for three or more years.
What do I think about the stability of the solution?
VNS3 is stable.
What do I think about the scalability of the solution?
VNS3 scales well horizontally. I can add controller instances per region or tenant and mesh via IPsec. Throughput and peer count depend on instance size, so planning capacity and automation matter for large or multi-tenant deployment.
How are customer service and support?
The customer support is great. The team is knowledgeable and provides faster responses.
Which solution did I use previously and why did I switch?
I previously used native cloud VPN plus hardware VPN appliances. I switched to VNS3 to get a software-defined overlay, centralized policy control, and easier multi-cloud hybrid networking without managing separate devices per customer.
Before choosing VNS3, I evaluated native cloud site-to-site VPN, which limited me for centralized control and complex multi-cloud orchestration. I also evaluated SD-WAN solutions, which are good for branch edges but are less flexible for cloud overlay. I chose VNS3 for its software-defined encrypted overlay and multi-cloud policy consistency.
How was the initial setup?
Setup cost is moderate; it requires network planning and key management, but deployment is straightforward with infrastructure as code.
What about the implementation team?
I am a customer with no other business relationship with this vendor.
What was our ROI?
Using VNS3 for the last three years, I saw measurable return on investment, including saving time on deploying VPN, which is forty to fifty percent versus native cloud plus firewall work. Operational efficiency improved because of the centralized control, and network change tickets have been reduced by thirty percent. I have also eliminated the need for dedicated hardware VPN appliances per customer.
What's my experience with pricing, setup cost, and licensing?
The pricing or licensing is predictable. It is instance-based plus bandwidth tiers but can rise with heavy throughput or many endpoints.
Which other solutions did I evaluate?
Before choosing VNS3, I evaluated native cloud site-to-site VPN, which limited me for centralized control and complex multi-cloud orchestration. I also evaluated SD-WAN solutions, which are good for branch edges but are less flexible for cloud overlay.
What other advice do I have?
I would rate VNS3 an eight overall. I chose an eight because it is strong for secure multi-cloud VPN overlay, policy control, and MSP tenant isolation. I cut two points because it could improve in advanced telemetry, native cloud integration, and large-scale automation.
If anyone is considering VNS3, I would recommend clearly designing the IP plan, routing model, and tenant isolation upfront. Validating throughput sizing and HA design earlier for multi-region MSP scale is important. My overall rating for this product is eight out of ten.
Ivan_review
IPSEC ENDPOINT NAME BUG
Reviewed on Aug 18, 2022
Review from a verified AWS customer
The free latest version has a bug. It adds characters to the Endpoint name.
Aug 18 20:27:51.644374: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:27:51.644406: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:01.762342: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:28:01.763290: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:18.459324: forgetting secrets
Aug 18 20:28:18.459388: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.546430: forgetting secrets
Aug 18 20:28:19.546475: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.595238: packet from xx.xxx.xxx.:500: initial Main Mode message received but no connection has been authorized with authby=PSK and xauth=no
Aug 18 20:29:35.184073:
Dave O'Dell
INCREDIBLE CUSTOMER SUPPORT AND GREAT SOFTWARE!!!
Reviewed on Jul 02, 2020
Review from a verified AWS customer
I cannot recommend this team highly enough, they are truly dedicated to making sure you get what you need. Software is great, intuitive, easy to use, makes sense of a complex thing. We enjoy working with them so much.
Armin Nikdel
SCTP Tunnel over Public IP Support
Reviewed on Jun 11, 2020
Review from a verified AWS customer
We were disappointed by lack of support for VPN Tunnel over Public IP via AWS's VPC VPN, so we head toward 3rd parties where we found VNS3.
Everything setup nicely and smooth. Configuring the VPN is simple and straightforward, with full tcpdump log to help debug the tunnels (which AWS own VPN also lack).
We soon realized that SCTP protocol is not tunnel through the VPN. Only TCP and UDP. This pain point of VNS3 suddenly turn into an advantage where customer support applied a patch for us which enabled SCTP protocol in VNS3, now our firewall is complete. We are happy, our customers are happy, and yeah, our partners are also happy!
Alex Hubner
Allow only 1 (one) IPSec endpoint in the free version
Reviewed on Nov 20, 2019
Review from a verified AWS customer
Good solution, but the description is not clear about the limits of the free version. For those looking for a VPN IPSec concentrator, bear in mind that this free version allows for only ONE IPSec endpoint.