[AusNOG] Client VPN Solutions
jake at taylornetworks.com.au
Mon Sep 28 17:50:37 EST 2020
I quite like the Pulse Secure offering.
- Supports complex access policies - I once configured a policy that
assigned different IP pools based on AD group membership
- Supports MFA through any standard RADIUS provider, also has plugins
for native Okta and Duo integration
- Provides both a native tunneling client and a web portal (access your
intranet sites/file servers through a browser)
- Available as both physical and virtual appliances for on-prem
- Native client supports multiple client OS's:
The licensing model can be a head scratcher though.
On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes <chris.p.barnes at gmail.com> wrote:
> Might be on the pricier side of things but F5 Big-IP can be used, you'll
> need to license the APM (Access Policy Manager) feature and the number of
> seats you need.
> Windows 10, iOS and Android support. Mac is also supported but I think
> only through browser plug-in (could be wrong). It has its own OTP
> authentication option or you can download an iRule to add Google Auth
> functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SecurID,
> and client cert authentication.
> You can build a comprehensive access policy to do things like determine
> the type of client being used (e.g. web browser, Android client, Windows 10
> native, etc) and do authentication differently for each, for example, if a
> web browser is detected throw a web login page, if Windows 10 is detected
> do client cert auth, for example. You can also specify individual address
> pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
> It's a pretty comprehensive product.
> On Mon, 28 Sep 2020 at 14:38, John Cenile <jcenile1983 at gmail.com> wrote:
>> G'day Noggers,
>> I was hoping to get some recommendations on VPN solutions people out
>> there are using.
>> Currently we're using a Cisco ASA with the AnyConnect client, however we
>> have found it to be quite limiting in some of the things we want to do
>> (such as built in multifactor, restricting resources to groups, and the
>> throughput of the device itself).
>> Our main requirements are:
>> - Self hosted / on-premise appliance
>> - Multifactor support (preferably Google Authenticator)
>> - Windows, Mac, and iPhone clients
>> I'm also looking at the Fortinet FortiClient software, but it looks very
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
>> into the Business OpenVPN product.
>> Any other suggestions / recommendations would be great.
>> John Cenile
>> Github <https://github.com/john30>
>> Twitter <https://twitter.com/cenilejohn>
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
> Kind Regards,
> Christopher Barnes
> e. chris.p.barnes at gmail.com