[AusNOG] Client VPN Solutions

Jacob Taylor jake at taylornetworks.com.au
Mon Sep 28 17:50:37 EST 2020

I quite like the Pulse Secure offering.
Highlights include:

   - Supports complex access policies - I once configured a policy that
   assigned different IP pools based on AD group membership
   - Supports MFA through any standard RADIUS provider, also has plugins
   for native Okta and Duo integration
   - Provides both a native tunneling client and a web portal (access your
   intranet sites/file servers through a browser)
   - Available as both physical and virtual appliances for on-prem
   - Native client supports multiple client OSes:
      - Windows
      - macOS
      - Linux
      - Android
      - iOS

The licensing model can be a head scratcher though.


On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes <chris.p.barnes at gmail.com> wrote:

> Might be on the pricier side of things but F5 Big-IP can be used, you'll
> need to license the APM (Access Policy Manager) feature and the number of
> seats you need.
> Windows 10, iOS and Android support. Mac is also supported but I think
> only through browser plug-in (could be wrong). It has its own OTP
> authentication option or you can download an iRule to add Google Auth
> functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SecurID,
> and client cert authentication.
> You can build a comprehensive access policy to do things like determine
> the type of client being used (e.g. web browser, Android client, Windows 10
> native, etc) and do authentication differently for each, for example, if a
> web browser is detected throw a web login page, if Windows 10 is detected
> do client cert auth, for example. You can also specify individual address
> pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
> It's a pretty comprehensive product.
> https://www.f5.com/products/security/access-policy-manager
> On Mon, 28 Sep 2020 at 14:38, John Cenile <jcenile1983 at gmail.com> wrote:
>> G'day Noggers,
>> I was hoping to get some recommendations on VPN solutions people out
>> there are using.
>> Currently we're using a Cisco ASA with the AnyConnect client, however we
>> have found it to be quite limiting in some of the things we want to do
>> (such as built in multifactor, restricting resources to groups, and the
>> throughput of the device itself).
>> Our main requirements are:
>>    - Self hosted / on-premise appliance
>>    - Multifactor support (preferably Google Authenticator)
>>    - Windows, Mac, and iPhone clients
>> I'm also looking at the Fortinet FortiClient software, but it looks very
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
>> into the Business OpenVPN product.
>> Any other suggestions / recommendations would be great.
>> John Cenile
>> Github <https://github.com/john30>
>> Twitter <https://twitter.com/cenilejohn>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> --
> Kind Regards,
> Christopher Barnes
> e. chris.p.barnes at gmail.com