[AusNOG] Client VPN Solutions
Chris Barnes
chris.p.barnes at gmail.com
Mon Sep 28 17:18:21 EST 2020
Might be on the pricier side of things but F5 Big-IP can be used, you'll
need to license the APM (Access Policy Manager) feature and the number of
seats you need.
Windows 10, iOS and Android support. Mac is also supported but i think only
through browser plug-in (could be wrong). it has its own OTP authentication
option or you can download an iRule to add Google Auth functionality. It'll
also do Active Directory, LDAP, RADIUS, RSA SerurID, and client cert
authentication.
You can build a comprehensive access policy to do things like determine the
type of client being used (e.g. web browser, Android client, Windows 10
native, etc) and do authentication differently for each, for example, if a
web browser is detected throw a web login page, if Windows 10 is detected
do client cert auth, for example. You can also specify individual address
pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
Its a pretty comprehensive product.
https://www.f5.com/products/security/access-policy-manager
On Mon, 28 Sep 2020 at 14:38, John Cenile <jcenile1983 at gmail.com> wrote:
> G'day Noggers,
>
> I was hoping to get some recommendations on VPN solutions people out there
> are using.
>
> Currently we're using a Cisco ASA with the AnyConnect client, however we
> have found it to be quite limiting in some of the things we want to do
> (such as built in multifactor, restricting resources to groups, and the
> throughput of the device itself).
>
> Our main requirements are:
>
> - Self hosted / on-premise appliance
> - Multifactor support (preferably Google Authenticator)
> - Windows, Mac, and iPhone clients
>
>
> I'm also looking at the Fortinet FortiClient software, but it looks very
> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
> into the Business OpenVPN product.
>
> Any other suggestions / recommendations would be great.
>
> John Cenile
> Github <https://github.com/john30>
> Twitter <https://twitter.com/cenilejohn>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
--
Kind Regards,
Christopher Barnes
e. chris.p.barnes at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200928/c06cf839/attachment.html>
More information about the AusNOG
mailing list