Back to Blog


Netgate TNSR Software Now Approved By AWS Foundational Technical Review

Netgate TNSR Software Now Approved By AWS Foundational Technical Review

Netgate is pleased to announce that the TNSR High-Performance vRouter & VPN Concentrator software has been approved under the AWS Foundational Technical Review (FTR) process.

The FTR process is designed to allow AWS Partners, like Netgate, to confirm their development processes are aligned with AWS best practices in security, reliability, and operational excellence. These practices ensure the best possible customer experience when using Netgate products on AWS.

What is the AWS FTR?

The Amazon Web Services Foundational Technical Review (FTR) process serves to ensure that products running on AWS are developed in alignment with six guiding principles or best practices in mind:

  1. Operational Excellence - focuses on continuous improvement of processes and procedures
  2. Security - focuses on confidentiality and integrity of data
  3. Reliability - focuses on performance as intended
  4. Performance Efficiency - focuses on optimization of computing resources
  5. Cost Optimization - focuses on resources over time without overspending
  6. Sustainability - This newest concept focuses on a shared responsibility model for minimizing environmental impact when running workloads in the cloud.

These concepts are developed to provide the customer with the best possible user experience when using AWS Partner products on the cloud.

Benefits of Network Security in the Cloud

The opportunity to benefit from AWS economies of scale and simplify on-premises infrastructure are compelling reasons for organizations to switch to the cloud. Whether they want to enjoy the ability to automatically scale capacity up and down, simplify their data storage needs, decrease capital expenditures (and convert “capex" to operating expenditures, or “opex”), increase their global reach, or stop estimating capacity, there are many advantages of cloud usage. Combine this migration with the need to securely connect mobile users, on-prem to cloud or cloud to cloud, and we see an increasing demand for high-performance VPN concentrators and routers.

TNSR software from Netgate delivers high-performance routed site-to-site and remote access VPNs via IPsec or WireGuard® - ideal for edge, cloud, and multi-cloud connectivity. Many people are familiar with TNSR vRouter software on Netgate secure router appliances, ISOs and VMs. TNSR software is also available on the AWS cloud.

Benefits of TNSR Software on AWS


AWS VPN tunnels are limited to 1.25 Gbps of throughput. There are other limits as well, such as maximum customer gateways, connection count, etc. Please see While customers may create multiple tunnels and leverage ECMP to overcome this limit, this can get complicated at scale and adds to the connection count. There is also no guarantee of equal distribution depending on the 5 tuple hash flows of customer traffic. TNSR software performance scales based on the underlying hardware and network. Right-sizing CPU and memory allows the software to achieve significantly higher performance. TNSR is offered based on the number of tunnel terminations you need, which means maximum performance at a minimal cost.


Customers can use all standard BGP attributes to control traffic flows between their locations and the AWS edge. Customers find it useful to leverage route filtering, community strings, route maps, etc. The VPN connection may be IPsec or WireGuard®. Customers may also use OSPF between the branch and AWS TNSR Edge.


There are multiple ways to manage TNSR software, including Command Line Interface (CLI), RESTCONF API, and Graphical User Interface (GUI). TNSR software configuration through CLI and RESTCONF API enables the product to be managed by IT automation platforms like Ansible®, SaltStack®, Puppet®, or Chef™. The RESTCONF API enables both automation and orchestration.

TNSR software can export data to Prometheus, ERSPAN, and IPFIX, allowing customers to use their existing on-site & cloud-hosted monitoring solutions. Using the same configuration commands across platforms helps streamline operations. TNSR also supports SNMP. We chose to support SNMP in TNSR as it collects, organizes, and sends data from various devices for network monitoring, assisting with fault identification and isolation, and is deployed almost everywhere.


TNSR High-Performance VPN Concentrator is priced based on the number of VPN connections, with a discount for one-year and multi-year contracts. There are no additional TNSR data processing fees (AWS still charges for some data transfers). Using TNSR High-Performance Router & VPN Concentrator, customers can achieve significant cost savings.

See our Total Cost of Ownership (TCO) Blog to learn more about how TNSR on AWS can save you money.


Netgate approaches product development with best practices and the customer experience in mind. As a result of passing the FTR process for TNSR software, AWS recognizes Netgate for its technical expertise at the Differentiated Partner level. This confirms our development efforts and dedication to the customer experience, as evidenced by ourResources Library and ourTechnical Assistance Center (TAC). Netgate continuously updates detailed documentation for TNSR software on AWS and offers 24x7 support to help customers. Plus, it is now easier than ever to find us on the AWS Partner Solutions Finder.

To learn more about TNSR High-Performance VPN Concentrator in AWS, go to the AWS marketplaces. For additional information or questions, contact Netgate at +1(512) 646-4100 or