Blue Cedar Connect Gateway Generation 1 vs Generation 2 Comparison

Generation 1 (v 3.22.x)*

Generation 2**




Connectivity Protocol

Generation 1:
  • Older protocol (obsolete)
  • No longer maintained or enhanced
  • Vulnerabilities

Generation 2:
  • Reduced bandwidth
  • Faster connection establishment
  • MOBIKE—better mobile connection stability
  • Better resilience against DoS
  • Automatic VPN reconnections
  • Latest protocol

Connection Limit

Generation 1: 500 (soft appliance), 100,000 (physical appliance)
  • Limited connection count

Generation 2:
  • Reduced deployment footprint and maintenance cost


Generation 1: Static, DHCP
  • Reserved static IP addresses
  • DHCP support

Generation 2: Static, DHCP, NAT
  • Reserved static IP addresses
  • DHCP support
  • NAT addressing reduces consumption of private IP space


Generation 1: Syslogs, SNMP

Generation 2: Syslogs, SNMP, Std. Linux Tools
  • SNMP will not be available at launch time
  • Standardized Linux monitoring tools

Operating System

Generation 1: Blue Cedar OS
  • Closed OS on top of custom Linux kernel

Generation 2: Red Hat Linux / CentOS
  • ElemCLI running on a standard Linux operating system
  • Docker-based installation


Generation 1: VMware ESXi, Hyper-V
  • On-premises deployments only

Generation 2: VMware ESXi, AWS, Azure
  • On-premises or cloud deployments


Generation 1: New VM .ova (appliance—in place upgrade via .mfa upgrade files)
  • Download of new .ova with each release
  • Requires copying configuration from old gateway to new gateway
  • Requires re-entry of secure passwords, PSK and IKE certificate password

Generation 2: In Place
  • Upgrades will take place on device directly
  • New versions are downloaded directly to the appliance

Client Connectivity

Generation 1:
  • Only IKEv1 Blue Cedar Enforce clients can connect

Generation 2:
  • New IKEv2 app-level VPN client that can be integrated into Microsoft Intune apps

Authentication Mechanisms

Generation 1: LDAP, LDAPS, Local User Accounts, Active Directory, or RADIUS

Generation 2: LDAP, LDAPS, Local User Accounts, AD, RADIUS, or OAuth
  • Adds OAuth support for authentication

User Authentication

Generation 1: PSK, Client Certificates, 2FA
  • Two-factor Authentication (2FA) uses Certificates and Username/Password

Generation 2: Client Certificates, 2FA, OAuth
  • Adds OAuth support for authentication
  • 2FA uses Certificates and Username/Password


Generation 1: June 30, 2021

Generation 2: Q4 2019 GA
  • Expected lifespan of 5 years

Inbound Port Protocols

Generation 1: UDP 4500
  • Authentication and connectivity occur over UDP 4500

Generation 2: UDP 4500, 500 & TLS 443
  • Improved authentication speeds
  • Authentication is over TLS
  • Connectivity is over UDP 4500 / 500 (IPsec)


Generation 1:
  • Public (External) Interface
  • Private (Internal) Interface
  • Management Interface

Generation 2:
  • Public (External) Interface
  • Private (Internal) / Management Interface

* The Gen 1 Gateway has previously been referred to as the Atlas Gateway and the Blue Cedar Gateway.

** Blue Cedar Connect Gateway documentation