Blue Cedar Connect Gateway Generation 1 vs Generation 2 Comparison





Each feature below lists the Generation 1 (v 3.22.x)* value and the Generation 2** value, each followed by its comments.

Feature: Connectivity Protocol

Generation 1: IKEv1

  • Older protocol (obsolete)
  • No longer maintained or enhanced
  • Vulnerabilities

Generation 2: IKEv2

  • Reduced bandwidth
  • Faster connection establishment
  • MOBIKE—better mobile connection stability
  • Better resilience against DoS
  • Automatic VPN reconnections
  • Latest protocol

Feature: Connection Limit

Generation 1: 500 (soft appliance), 100,000 (physical appliance)

  • Limited connection count

Generation 2: 1,000

  • Reduced deployment footprint and maintenance cost

Feature: Addressing

Generation 1: Static, DHCP

  • Reserved static IP addresses
  • DHCP support

Generation 2: Static, DHCP, NAT

  • Reserved static IP addresses
  • DHCP support
  • NAT addressing reduces consumption of private IP space

Feature: Monitoring

Generation 1: Syslogs, SNMP

Generation 2: Syslogs, SNMP, Std. Linux Tools

  • SNMP will not be available at launch time
  • Standardized Linux monitoring tools

Feature: Operating System

Generation 1: Blue Cedar OS

  • Closed OS on top of custom Linux kernel

Generation 2: Red Hat Linux / CentOS

  • ElemCLI running on a standard Linux operating system
  • Docker-based installation

Feature: Environments

Generation 1: VMware ESXi, Hyper-V

  • On-premises deployments only

Generation 2: VMware ESXi, AWS, Azure

  • On-premises or cloud deployments

Feature: Upgrading

Generation 1: New VM .ova (appliance—in-place upgrade via .mfa upgrade files)

  • Download of new .ova with each release
  • Requires copying configuration from old gateway to new gateway
  • Requires re-entry of secure passwords, PSK and IKE certificate password

Generation 2: In Place

  • Upgrades will take place on device directly
  • New versions are downloaded directly to the appliance

Feature: Client Connectivity

Generation 1: Limited

  • Only IKEv1 Blue Cedar Enforce clients can connect

Generation 2: Expanded

  • New IKEv2 app-level VPN Client that can be integrated into Microsoft Intune apps

Feature: Authentication Mechanisms

Generation 1: LDAP, LDAPS, Local User Accounts, Active Directory, or RADIUS

Generation 2: LDAP, LDAPS, Local User Accounts, AD, RADIUS, or OAuth

  • Adds OAuth support for authentication

Feature: User Authentication

Generation 1: PSK, Client Certificates, 2FA

  • Two-factor Authentication (2FA) uses Certificates and Username/Password

Generation 2: Client Certificates, 2FA, OAuth

  • Adds OAuth support for authentication
  • 2FA uses Certificates and Username/Password

Feature: Lifespan

Generation 1: June 30, 2021

Generation 2: Q4 2019 GA

  • Expected lifespan of 5 years

Feature: Inbound Port Protocols

Generation 1: UDP 4500

  • Authentication and connectivity occur over UDP 4500

Generation 2: UDP 4500, 500 & TLS 443

  • Improved authentication speeds
  • Authentication is over TLS
  • Connectivity is over UDP 4500 / 500 (IPsec)

Feature: Interfaces

Generation 1: 3

  • Public (External) Interface
  • Private (Internal) Interface
  • Management Interface

Generation 2: 2

  • Public (External) Interface
  • Private (Internal) / Management Interface

* The Gen 1 Gateway has previously been referred to as the Atlas Gateway and the Blue Cedar Gateway.

**Blue Cedar Connect Gateway documentation