[AusNOG] Client VPN Solutions

Jacob Taylor jake at taylornetworks.com.au
Mon Sep 28 17:50:37 EST 2020


I quite like the Pulse Secure offering.
Highlights include:

   - Supports complex access policies - I once configured a policy that
   assigned different IP pools based on AD group membership
   - Supports MFA through any standard RADIUS provider, also has plugins
   for native Okta and Duo integration
   - Provides both a native tunneling client and a web portal (access your
   intranet sites/file servers through a browser)
   - Available as both physical and virtual appliances for on-prem
   deployment
   - Native client supports multiple client OSes:
      - Windows
      - macOS
      - Linux
      - Android
      - iOS

The licensing model can be a head scratcher though.

Cheers,
Jake

On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes <chris.p.barnes at gmail.com>
wrote:

> Might be on the pricier side of things but F5 Big-IP can be used, you'll
> need to license the APM (Access Policy Manager) feature and the number of
> seats you need.
>
> Windows 10, iOS and Android support. Mac is also supported but I think
> only through browser plug-in (could be wrong). It has its own OTP
> authentication option or you can download an iRule to add Google Auth
> functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SecurID,
> and client cert authentication.
>
> You can build a comprehensive access policy to do things like determine
> the type of client being used (e.g. web browser, Android client, Windows 10
> native, etc) and do authentication differently for each, for example, if a
> web browser is detected throw a web login page, if Windows 10 is detected
> do client cert auth, for example. You can also specify individual address
> pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
>
> It's a pretty comprehensive product.
> https://www.f5.com/products/security/access-policy-manager
>
>
> On Mon, 28 Sep 2020 at 14:38, John Cenile <jcenile1983 at gmail.com> wrote:
>
>> G'day Noggers,
>>
>> I was hoping to get some recommendations on VPN solutions people out
>> there are using.
>>
>> Currently we're using a Cisco ASA with the AnyConnect client, however we
>> have found it to be quite limiting in some of the things we want to do
>> (such as built in multifactor, restricting resources to groups, and the
>> throughput of the device itself).
>>
>> Our main requirements are:
>>
>>    - Self hosted / on-premise appliance
>>    - Multifactor support (preferably Google Authenticator)
>>    - Windows, Mac, and iPhone clients
>>
>>
>> I'm also looking at the Fortinet FortiClient software, but it looks very
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
>> into the Business OpenVPN product.
>>
>> Any other suggestions / recommendations would be great.
>>
>> John Cenile
>> Github <https://github.com/john30>
>> Twitter <https://twitter.com/cenilejohn>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> --
> Kind Regards,
>
> Christopher Barnes
>
> e. chris.p.barnes at gmail.com