NordLayer 2024 Review: The Big Test of a Corporate VPN, Where Are Its Weaknesses?
by Petr Novák, updated January 1, 2024
-
NordLayer: Pros, Cons and Comparison of All Corporate VPN Options
- The provider is based in a member country of the 5 Eyes alliance
- Many additional security features
- Superior features for administrators
- Ability to create a site-to-site VPN with a dedicated server
- Top-of-the-line NordLynx protocol
- Very good customer support
NordLayer is a VPN specifically designed for small businesses with at least five users, medium-sized businesses and large corporations. Unlike a regular VPN, it offers special features for network administrators and additional security features.
The operator of the service is the American company Nord Security Inc., which also owns the NordVPN service for individual users. The same ownership group as NordLayer also includes Surfshark and Atlas VPN Pro.
We have thoroughly tested NordLayer’s corporate VPN and found its strengths and weaknesses.
In repeated measurements, NordLayer achieved very good transfer speeds, with download and upload speeds above 100 Mbps. This value is sufficient for transferring large files and for fast data backups to the cloud. Users can choose from servers in 35 locations across the world in the app. They also have a dedicated server that is only for users from the same organization.
The NordLayer app has implemented important DNS leak protection and a kill switch feature that disconnects the device from the Internet if the connection to the VPN server is lost. This prevents possible data compromise and disclosure of the user’s real IP address.
The advantage of NordLayer is the wide range of features and tools that allow administrators to change the VPN settings for their company’s needs. Automatic launch of the app and connection to the VPN can be enabled when the device boots up or when connected to an unknown wi-fi network. The administrator can enable additional security features for users, such as two-factor authentication or biometric authentication. In the account management, the administrator can monitor the activity of individual users and, if necessary, block them from accessing selected websites.
NordLayer is well secured against possible leaks of user data by using only servers equipped with RAM memory, which does not allow long-term storage. As a result, the servers can no longer collect transmitted data, lists of websites visited or IP addresses of users.
NordLayer’s customer support is also excellent and available 24/7.
-
NordLayer: Comparison of Lite, Core and Premium
NordLayer subscriptions come in three variants, which differ in features and naturally also in price. For the most demanding customers, NordLayer offers a customised programme in which the individual parameters of the service can be configured in detail.
Parameter Lite Core Premium Server Performance up to 1 Gbs up to 1 Gbs up to 1 Gbs Shared Sites over 30 over 30 over 30 Private Sites ❌ No over 30 over 30 Dedicated server with fixed IP ✔️ Yes ✔️ Yes ✔️ Yes IP allowlisting ✔️ Yes ✔️ Yes ✔️ Yes Automated threat detection ✔️ Yes ✔️ Yes ✔️ Yes Number of different protocols 4 4 4 NordLynx protocol ✔️ Yes ✔️ Yes ✔️ Yes Custom DNS ❌ No ✔️ Yes ✔️ Yes Manual network configuration ❌ No ✔️ Yes ✔️ Yes Browser Extensions ❌ No ❌ No ✔️ Yes Smart Remote Access ❌ No ❌ No ✔️ Yes Dedicated Account Manager ❌ No ✔️ Yes ✔️ Yes 👨💼 Minimum number of NordLayer licenses
For all subscription options, the minimum is 5 paying users. A dedicated IP address can be optionally added to NordLayer Core and NordLayer Premium licenses.
🧪 Trial version of NordLayer
NordLayer does not offer a trial version in the classical sense, but you can activate a demo account via customer support, which includes all the features offered. Alternatively, you can pay for the service and take advantage of the money back guarantee, where 100% of the amount is refunded within the first 14 days. The money back guarantee does not apply to payment in Bitcoins.
💳 How to pay your NordLayer subscription
You can use a debit or credit card to pay for your subscription, bank transfer and if your order exceeds $1,000, you can pay with Bitcoins. All orders are of course accompanied by an invoice and a tax receipt.
-
Device Support at NordLayer: Windows, macOS, Android, iOS…
The NordLayer app is available for all common platforms that are used at work. It can be installed on Windows, macOS and Linux computers and on Android and iOS mobile phones.
Support for securing smart TVs, game consoles or alternative devices is directly missing. All devices connected to the same network can be protected by installing NordLayer directly on the router.
Starting with the Premium variant, NordLayer is also available as an extension for Chrome, Edge and Mozilla browsers.
If an employee has trouble installing the original NordLayer application, it is possible to download the IKEv2 or OpenVPN configuration and use an external solution.
-
NordLayer App: User-Friendliness, Whitelist, Server Selection…
The NordLayer desktop and mobile app is user-friendly and simple. Users can easily download it and log in with an assigned username and password, which can optionally be supplemented with a code for two-factor authentication. There are several languages to choose from within the app. Changing the colour theme of the template is not possible.
In the settings, you can activate the automatic launch of the app after the device boots or enable advanced security features. These include a kill switch or automatic connection to NordLayer after logging into an unsecured wi-fi network. You can also turn on notifications informing you when the connection status changes.
The protocol is selected automatically from NordLynx, OpenVPN UDP, OpenVPN TCP and IKEv2. In case of problems, the protocols can be switched manually.
Locations are sorted alphabetically in the list, individual countries can be saved as favorites. The corporate gateway is displayed above the common sites. Connecting to it can be secured by requiring biometric authentication, for example in the form of a fingerprint. The corporate gateway ensures that all users have the same IP address.
In the web browser extension, whitelisting (called split tunneling) can be used to define websites that can be accessed without a VPN.
-
NordLayer Configuration Options: User-Friendliness, Reports…
With NordLayer, the corporate network administrator has quite a wide range of options to set or restrict the rights of individual members of the organization.
The main feature is the ability to set up a private secure gateway with a static VPN that individual users can connect to. The admin interface shows the server load, plus there is the option to set up a site-to-site secure connection to the corporate network via a dedicated server.
For a server with a corporate private gateway, Deep Packet Inspection can be activated, which, in simple terms, inspects all passing data. Another option is DNS filtering, where connected devices will be blocked from accessing selected categories of websites. For example, gambling sites, social networking sites or adult content sites can be banned.
A corporate network administrator can define their own “secure devices”, while denying access to all others. For example, it is possible to allow access only to Windows devices or block all Linux devices. Individual restrictions can be activated down to the operating system version level, and several profiles with different permissions and rules can be created.
Administrators have access to a large number of statistics, and the activity of individual users can be monitored in great detail. For each profile created, the number of connections, duration and servers connected to can be tracked. Any activity associated with the account can be viewed, such as activating two-factor authentication, setting up a dedicated server or DNS filtering.
All statistics can be easily exported in .csv format for more detailed analysis.
For easier user login, SSO (Single Sign-on) can be activated, where a third party account can be used instead of a name and password. For example, Google, Azure AD or OneLogin are supported.
-
NordLayer Speed Test
NordLayer does not restrict users in any way in the amount of data transferred, this applies to Lite, Core and Premium tariffs.
The connection location must always be selected manually, the app does not offer automatic selection of the fastest server. We have repeatedly tested the connection speed for several different servers in different countries.
The download speed reached an average of 140 Mbps, which is sufficient for downloading large files, streaming 4k video and working with data in the cloud.
The average measured upload speed was 110 Mbps. NordLayer can thus be used for fast backups of important corporate data to the cloud or elsewhere on the Internet.
The third parameter monitored is the response rate, which indicates the delay between the signal sent and the server’s response to it. After connecting to NordLayer servers, we measured an average response time of 30 ms, which is sufficient for all Internet activities. For response speed, a lower value is always better. Server responses above 50-100 ms can cause annoying stuttering, for example during video calls.
-
NordLayer Servers and Locations
NordLayer operates servers in 33 countries around the world, with Europe and North America being the best covered.
Servers are also available in the USA, Canada, the UK, Australia, New Zealand and in countries with internet censorship, such as Turkey and the United Arab Emirates. Compared to VPN services for regular users, the number of locations is smaller, but still quite sufficient for most business customers.
Dedicated servers are available in some countries for the exclusive use of specific customers.
The number of servers in operation is not disclosed for security reasons, however, given the brand’s reputation, there will be enough servers to provide a quality service. In addition, NordLayer gives corporate customers the opportunity to have a server customized according to the required parameters.
All servers are physically located in the specified locations. In addition, the servers are equipped exclusively with RAM memory and do not have a hard disk, so they do not allow long-term storage of sensitive data. This practice significantly increases user privacy.
In NordLayer, servers can be saved as favorites and accessed more quickly. You can also set up automatic connections to the selected server when the application is started. The function to automatically select the fastest site at that moment is not available.
🗺️ List of NordLayer Shared Servers
The sites in the list are available to all NordLayer subscribers. Servers in these countries are shared between multiple users.
Europe 🇧🇪 Belgium 🇧🇬 Bulgaria 🇨🇿 Czech Republic 🇩🇰 Denmark 🇫🇮 Finland 🇫🇷 France 🇭🇷 Croatia 🇮🇪 Ireland 🇮🇹 Italy 🇭🇺 Hungary 🇩🇪 Germany 🇳🇱 Netherlands 🇳🇴 Norway 🇵🇱 Poland 🇵🇹 Portugal 🇦🇹 Austria 🇷🇴 Romania 🇸🇰 Slovakia 🇷🇸 Serbia 🇪🇸 Spain 🇸🇪 Sweden 🇨🇭 Switzerland 🇹🇷 Turkey 🇬🇧 United Kingdom North America 🇨🇦 Canada 🇲🇽 Mexico 🇺🇸 USA Asia 🇭🇰 Hong Kong 🇮🇱 Israel 🇯🇵 Japan 🇸🇬 Singapore 🇦🇪 United Arab Emirates Oceania 🇦🇺 Australia 🗺️ List of NordLayer Dedicated Servers
NordLayer’s dedicated servers with fixed IP addresses are for the exclusive use of the subscriber. They are only available with the NordLayer Core and NordLayer Premium subscription options.
Europe 🇧🇪 Belgium 🇨🇿 Czech Republic 🇩🇰 Denmark 🇫🇮 Finland 🇫🇷 France 🇮🇪 Ireland 🇮🇹 Italy 🇱🇹 Lithuania 🇭🇺 Hungary 🇨🇾 Cyprus 🇩🇪 Germany 🇳🇱 Netherlands 🇳🇴 Norway 🇵🇱 Poland 🇦🇹 Austria 🇷🇴 Romania 🇪🇸 Spain 🇸🇪 Sweden 🇬🇧 United Kingdom North America 🇨🇦 Canada 🇺🇸 USA South America 🇧🇷 Brazil Asia 🇯🇵 Japan 🇰🇷 South Korea 🇸🇬 Singapore Africa 🇿🇦 South Africa Oceania 🇦🇺 Australia -
Security at NordLayer: DNS Protection, Kill Switch…
NordLayer offers advanced security features to ensure complete anonymity and protect your entire company from data loss.
The basis of security is the advanced NordLynx security protocol. Developed by Nord Security itself, it is based on the advanced WireGuard protocol, which excels in high transmission speeds. In the setup, NordLynx can optionally be replaced with the security protocols OpenVPN UDP, OpenVPN TCP, or IKEv2.
All transmitted data is protected by 256-bit AES encryption, which is highly secure and is used to secure banking and military systems, among others.
It is possible to create your own gateway with a dedicated IP address within your organization. It can only be accessed from approved devices connected to a given NordLayer account. Connections can optionally be protected with additional biometric verification. This is either a fingerprint or a facial scan on mobile devices, or a password on a computer application.
Better account security can also be achieved with two-factor authentication, where a one-time code from the mobile app or SMS is required during login along with a password.
The NordLayer app has implemented a kill switch feature that disconnects the device from the internet if the connection to the VPN server is lost. This prevents the user’s real IP address and location from being discovered and the transmitted data from being compromised. Once the VPN server is reconnected, the connection is restored. Kill switch is only available with NordLynx and OpenVPN protocols.
Another additional feature of NordLynx and OpenVPN protocols is blocking connections to devices on the home wi-fi network. Devices with active settings will not be able to connect to other computers and mobile phones on the same network, printers or smart TVs. All of these devices can pose a security risk.
NordLayer does not currently support multi-hop connections, where data is routed through two different VPN servers simultaneously. This provides a higher level of security, as a second server protects the user in the event of the first layer of protection being breached.
In the NordLayer administration, individual users can activate the “Always On VPN” feature, which ensures that the internet connection will only work with an active VPN connection. Employees cannot change this setting, so company data remains protected from possible leaks.
Cloud Firewall will ensure the protection of the company’s cloud infrastructure, thanks to dedicated gateways it will be possible to access files and applications even outside the company premises. NordLayer also features ThreatBlock, which blocks malware and other internet threats.
NordLayer’s simple web-based administration makes onboarding and offboarding employees easy. It is easy to restrict user permissions and assign preset roles to which different permissions can be assigned. This can not only increase security but also reduce the volume of traffic on a secure network.
User management is further simplified by the function of blocking devices based on their operating system. For example, if you know that everyone in your company only uses Windows devices, you can easily automatically block connection attempts for iOS, macOS or Android devices.
If you miss a feature, NordLayer’s 24/7 customer support allows you to contact their engineers and request a customized service.
-
Torrenting and Streaming Video with NordLayer
NordLayer is designed for business and corporate customers, yet we have also tested streaming and torrenting capabilities with NordLayer.
Torrenting with active NordLayer protection is possible, although there are no servers specifically optimized for this type of traffic. The actual IP address of the user remains hidden from the adversary, protected by the kill switch function in case of a failure. The download and upload speeds we achieved were sufficient for torrenting.
We tested NordLayer’s ability to make otherwise unavailable movies and series available by connecting to US servers. NordLayerd was successful with YouTube, Netflix, Disney Plus, and Hulu, but despite repeated attempts, we were unable to play video from Amazon Prime Video and HBO Max. Average connection speeds were well above the 50 Mbps required for streaming ultra-high definition 4k video.
Video playback was smooth and there was no annoying loading of content.
-
Computer Load with NordLayer
NordLayer for desktop is one of the very low-maintenance applications, its demands on the device are minimal. The load exerted on the device varies depending on its processor and battery size. On the MacBook test laptop, the CPU and battery load showed 0.1%, with the application taking only 30 MB of RAM capacity.
To reduce system requirements, the app can be disabled to automatically connect to the VPN when the device boots up. However, for maximum protection, we recommend keeping the VPN activated at all times when working with corporate data.
-
NordLayer Headquarters
NordLayer is operated by Nord Security Inc., a company based in New York, USA. Nord Security is a multinational company, some parts of which are also registered in the Netherlands and Lithuania.
NordLayer is affiliated by ownership with NordVPN, Surfshark, Atlas VPN Pro and Atlas VPN Free.
The ownership group also includes Incogni, a service that ensures users have their personal data removed from marketing databases.
-
NordLayer’s Privacy Policy
NordLayer has strict privacy policies. The servers are installed in secure locations and are equipped exclusively with rewritable RAM memory, which does not allow long-term data storage. In addition, all data stored in memory is continuously overwritten and erased even when the server is restarted. They cannot be restored, so the risk of data compromise is minimal.
When using NordLayer, user names, email addresses, employee positions, IP addresses, devices and operating systems used, connection times and servers used are stored. All data is thoroughly encrypted, and there is a reason for collecting this information: to ensure that an administrator in the company has access to the information.
The NordLayer service provider itself has access to data about the service customer, including payment information. Data generated when contacting customer support is also collected, the aim of this step is to improve the level of service provided. If Nord Security Inc. is presented with a binding challenge, the company is obliged to hand over any information requested to the police or the courts.
So far, there is no known data leak from Nord Security Inc. The service has repeatedly passed checks and audits to confirm that user data is not at serious risk. The operator of NordLayer has been issued an ISO/IEC 27001:2013 certificate according to SOC 2 Type I audit rules by TÜV Thüringen.
-
Support at NordLayer: Chat, Email…
Basic NordLayer technical support is available via live chat and email at support@nordlayer.com. A large amount of information can be found in the knowledge base and in the FAQ section. This is also where the support staff referred us to in the live chat.
NordLayer also runs a blog with information from the world of cybersecurity.
NordLayer Core and NordLayer Premium customers with 30 or more users have their own NordLayer account manager. Additionally, when purchasing a customized NordLayer license, an architect is available to help set up parameters to meet the customer’s specific needs.
-
NordLayer FAQs
Is the NordLayer corporate VPN secure?
NordLayer is a leading provider of security solutions for businesses and corporations. We have thoroughly tested the service on several devices and all data traffic, IP addresses and DNS remained reliably hidden. NordLayer uses cutting-edge technologies for data security, including its own NordLynx protocol, which is based on modern WireGuard. Transmitted data is protected by military-grade 256-bit encryption and RAM servers.For even better data and user account security, two-factor authentication or fingerprint-based login to dedicated servers can be activated. Any user can activate the “Always on VPN” feature, which allows them to access the Internet only with an active VPN. Employees do not have the option to deactivate this feature.
Is NordLayer free?
NordLayer is a comprehensive solution for providing cybersecurity in companies, due to the high operating costs it is a paid service. The free version of NordLayer is not available, but you can request access to a test demo for a limited period of time.The NordLayer subscription is offered in three variants, which differ in the number of available features. Detailed information, including pricing, is available at NordLayer.com.
Is NordLayer a VPN?
NordLayer is a solution, its included cloud VPN services for small and large companies. It offers end users a number of features that are familiar from traditional VPN providers. These include a choice of servers in different locations or a kill switch function. NordLayer can also unlock selected streaming services like YouTube, Netflix, Disney Plus or Hulu.NordLayer gives company executives and network administrators a range of options for securing the corporate network and for user administration. Highly detailed rules can be set up and a dedicated server can be created at any location.
