Sold by: Cohesive Networks
Deployed on AWS
AWS Free Tier
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more. *LIMIT ONE (1) PER CUSTOMER*
4.4
Overview
VNS3 in AWS allows customers to deliver improved security, connectivity, and compliance while minimizing complexity. Our multicoud network controller can be deployed as a router, switch, site-to-site IPsec VPN, People VPN, firewall, protocol re-distributor, or any combination of functions you want.
Fully Encrypt ALL Data-in-Motion and Own Your Security VNS3 supports a wide range of encryption algorithms and connection parameters to facilitate compliance with industry regulations (like HIPAA, PCI, FIPS, etc.), internal requirements, or the demands of connecting parties. VNS3 encrypts all data in motion to, from, and within the cloud allowing you to control your cryptographic keys. VNS3 extends the capabilities of your Azure deployment by ensuring that all traffic is encrypted between your virtual networks, regions, and other cloud providers.
Unparalleled Support for Advanced Networking Use-Cases VNS3 subnets can span virtual networks, regions and clouds, easily handling the headache of address overlap. VNS3 also offers the advantage of BGP active-active connections, preferred peer lists, and our high-availability, instance-based IPsec failover add-on.
Customize Your Network With a Plugin Platform in Your Edge VNS3 is flexible and extensible; add SSL termination, load balancing, content caching, intrusion detection, or other network services directly to your VNS3 instance using our ever-expanding list of partner plugins including popular Open Source projects like Suricata, Snort, Zeek, HAproxy, NGINX, Varnish, Squid, OWASP ZAP and more.
Easy Implementation and Management Implement and integrate VNS3 with existing network equipment without any new knowledge or training for your developers and cloud architects. Empower your team to do everything from connecting a secure & flexible VPN IPsec tunnel to managing complex cross-cloud networks. Dynamically launch and configure your overlay network in minutes using the REST API, web-based UI, or popular automation frameworks like Ansible, Azure Resource Manager templates, or Terraform.
Connect to your existing monitoring systems using SNMP or Netflow and integrate to SaaS monitoring systems like DataDog and SumoLogic with ease.
VNS3 supports connecting to most IPsec data center solutions, as well as to Cloud Service Providers: Cisco Systems, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, LibreSwan, OpenSwan, pfSense, Vyatta, AWS VPN, Google VPN, Azure VPN, and more.
VNS3 Free is a free, self-service cloud connectivity and security appliance (you only pay VNS3 instance runtime fees) for smaller cloud deployments.
CLICK-THROUGH LICENSE LIMITS ONE (1) INSTANCE PER CUSTOMER
Highlights
- Next Generation Network Security Appliance: firewall, VPN concentrator (IPsec and TLS), router, switch, protocol redistributor, application delivery controller (layer 4 - layer 7 network services plugin system), and scriptable/dynamic SDN.
- End-to-End Encryption of all data in motion to/from/between clouds via the Overlay Network unique to Cohesive Networks VNS3. Create an encrypted and highly available network deployed across availability zones, regions and clouds.
- Easier, faster and more secure than the alternatives. VNS3 was first to cloud and is approaching 1 billion device hours in production deployments.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 6.7.8
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Version 6.7.8 includes various bug fixes, enhancements, and optimizations. For more information, see the VNS3 Release Notes - https://docs.cohesive.net/docs/vns3/release-notes/ .
Cohesive Networks support staff is available to help with your deployment or upgrade. Create a ticket on our support system (http://support.cohesive.net ) for assistance.
Additional details
Usage instructions
Once the instance is running, access the UI via browser at https://<public_dns>:8000 with vnscubed as the username and the instance id as the password (See Configuration Document).
Note: The default 0.0.0.0/0 rule enables universal initial connectivity but should be restricted to the IP(s) used for VNS3 controller management post-deployment.
Resources
Support
Vendor support
Forum support as available
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Built on the VNS3 Application Security Platform, this NATe edition provides a NAT-Gateway at a lower price with comparable performance to cloud platform NAT Gateways, while providing visibility and control for your NAT traffic needs.
VNS3 is a secure multicloud network virtualization platform. It connects your on-premises, public cloud and SaaS apps in a scalable and highly available network. VNS3 Multicloud Link provides a centralized management interface for your network connections and security policies. VNS3 helps control network traffic, secure your data and apps, and simplify multi-cloud deployments.
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more.
VNS3 is a software-only controller that can run standalone, in a distributed transit mesh, in a single cloud or multicloud deployment. It provides a Firewall, Router, IPsec / OpenVPN / WireGuard® VPN, BGP, NAT Gateway, Transit Gateway, and more.
Customer reviews
reviewer2843604
Object locking has ensured compliant backups and simple internal file sharing for our team
Reviewed on May 20, 2026
Review from a verified AWS customer
What is our primary use case?
VNS3 is primarily used for backup and storage purposes, allowing us to maintain our daily logs and store them there. For compliance requirements, we archive files and other storage on VNS3 .
When we perform deletions, we log them on VNS3 and then apply lifecycle rules after a month so that we can archive the data for future use.
We also use VNS3 for simple static website hosting and for sharing our internal files with our organization's team members.
What is most valuable?
The most useful features in VNS3 are object locking and its compliance capabilities.
Object locking is excellent for compliance because when we lock any objects on VNS3, the objects cannot be modified or altered, which is beneficial for compliance and ensures that nobody can change or edit the files.
It has been easier working with team members using VNS3, and we can share and log our files whenever we want.
What needs improvement?
VNS3 could benefit from additional features such as the ability to share files through a pre-signed URL, which would be useful for team members to collaborate.
Implementing pre-signed URL functionality and other features would enhance the product, though it is already excellent in its current form.
For how long have I used the solution?
I have been using VNS3 for about one year and it is a great product.
What do I think about the stability of the solution?
VNS3 has been great in terms of stability and I have not experienced any issues.
What do I think about the scalability of the solution?
VNS3 is highly scalable and can handle growth and other workloads effectively.
How are customer service and support?
We have not needed customer support for VNS3 and it has proven to be quite reliable.
Which solution did I use previously and why did I switch?
How was the initial setup?
I purchased VNS3 through the AWS Marketplace .
What was our ROI?
Beyond the object storage capabilities, we have been able to save money with VNS3.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for VNS3 are reasonable at the current price.
Which other solutions did I evaluate?
We found that VNS3 is a great product and did not evaluate other options.
What other advice do I have?
People should try VNS3 as we have not faced any issues with this product and I recommend it to others. I gave this review a rating of 8.
Fadero Fadero
Centralized networking has secured multi-cloud data pipelines and improves analytics reliability
Reviewed on May 08, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for VNS3 is cloud networking to manage ETL pipelines, data warehouses, and cloud environments without relying on cloud networking services alone.
A quick example of how I use VNS3 for managing ETL pipelines and data warehouses involves running ETL pipelines in AWS while the source databases remain on-premises or in another cloud environment such as Azure . VNS3 creates a secure, encrypted connection between environments, allowing tools such as Apache Airflow , dbt , or ETL Python jobs to move data safely without exposing databases directly to the internet. An example would be an Airflow pipeline in AWS that securely pulls HubSpot or ERP data from a private corporate network, transforms it in a cloud environment such as BigQuery or Snowflake , and then pushes analytics out to BI systems or the VNS3 overlay network.
Another strong use case I have is segregating sensitive analytics workloads, keeping finance or healthcare data pipelines isolated with tighter network controls and firewall policies. From an engineering operations perspective, I appreciate that VNS3 gives us more centralized visibility and control over networking compared to manually managing many individual VPNs and routing rules across cloud platforms.
What is most valuable?
One of the best features VNS3 offers is the encrypted overlay networking, which makes secure connectivity across AWS, on-premise, and multi-cloud environments much simpler and more controllable. Another strong feature is the centralized management approach, where routing, firewall rules, VPNs, and segmentation can all be managed from one controller instead of juggling multiple cloud networking tools. From a DevOps and data engineering perspective, the API-driven automation is a significant advantage as it integrates well with infrastructure as code or workflows such as Terraform and CloudFormation .
VNS3 has positively impacted my organization by centralizing management and reducing operations overhead in terms of manpower and cost. From a data engineering perspective, it improves ETL reliability, speeds up deployment of new pipelines, and strengthens security for data moving between cloud and on-premise systems. It also helps scale our multi-cloud infrastructure more confidently while maintaining compliance and visibility of our network traffic.
One specific outcome I can share is that we have reduced downtime associated with troubleshooting. When pipelines are deployed on connectivity between cloud analytics platforms and private databases, diagnosing failures in traditional setups involved multiple VPNs and routing layers, which could take hours. With VNS3, centralized visibility into tunnel health and routing makes it easier to quickly identify whether the issue is network related, firewall related, or application related. This results in more reliable reporting cycles and fewer disruptions to downstream business users.
What needs improvement?
VNS3 could improve in terms of ease of setup, as while it is powerful, initial configuration for complex multi-cloud topologies can still feel quite technical and requires strong networking knowledge. Another potential improvement would be to tighten native integration with modern data stack tools; Airflow, dbt , and cloud data warehouses can benefit from more out-of-the-box connectivity templates. Additionally, the user interface and observability experience could be more modern and intuitive, especially for quickly diagnosing network flows without diving deep into logs.
A pain point regarding needed improvements is that troubleshooting can still feel quite network engineering heavy. For data teams in my organization, we often want more pipeline-level visibility, such as directly seeing which ETL jobs or data flows are impacted when a tunnel or route changes. I would also appreciate more automation around policy setup, such as having auto-generated secure network templates for common data architectures such as AWS to Snowflake or on-premises to BigQuery , which would significantly reduce setup time.
For how long have I used the solution?
I have been using VNS3 for four to five years.
What other advice do I have?
I encourage others looking into VNS3 to be very clear on their network architecture before starting, as it is powerful but not something you want to figure out as you progress. Understanding how to connect on-premise and other cloud systems effectively is crucial, so I recommend conducting some kind of review and research before expanding. You can also start small, proving it with one or two data flows before expanding. I would rate this product a 9 overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Ivan_review
IPSEC ENDPOINT NAME BUG
Reviewed on Aug 18, 2022
Review from a verified AWS customer
The free latest version has a bug. It adds characters to the Endpoint name.
Aug 18 20:27:51.644374: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:27:51.644406: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:01.762342: initiating all conns with alias='cftconn_1_knoxxidr_1'
Aug 18 20:28:01.763290: no connection named "cftconn_1_knoxxidr_1"
Aug 18 20:28:18.459324: forgetting secrets
Aug 18 20:28:18.459388: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.546430: forgetting secrets
Aug 18 20:28:19.546475: loading secrets from "/etc/ipsec.secrets"
Aug 18 20:28:19.595238: packet from xx.xxx.xxx.:500: initial Main Mode message received but no connection has been authorized with authby=PSK and xauth=no
Aug 18 20:29:35.184073:
Dave O'Dell
INCREDIBLE CUSTOMER SUPPORT AND GREAT SOFTWARE!!!
Reviewed on Jul 02, 2020
Review from a verified AWS customer
I cannot recommend this team highly enough, they are truly dedicated to making sure you get what you need. Software is great, intuitive, easy to use, makes sense of a complex thing. We enjoy working with them so much.
Armin Nikdel
SCTP Tunnel over Public IP Support
Reviewed on Jun 11, 2020
Review from a verified AWS customer
We were disappointed by lack of support for VPN Tunnel over Public IP via AWS's VPC VPN, so we head toward 3rd parties where we found VNS3.
Everything setup nicely and smooth. Configuring the VPN is simple and straightforward, with full tcpdump log to help debug the tunnels (which AWS own VPN also lack).
We soon realized that SCTP protocol is not tunnel through the VPN. Only TCP and UDP. This pain point of VNS3 suddenly turn into an advantage where customer support applied a patch for us which enabled SCTP protocol in VNS3, now our firewall is complete. We are happy, our customers are happy, and yeah, our partners are also happy!