Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in
enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able
to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
The Juniper SA is by far and away the market leader and in my opinion the best end user experience.
We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either.
Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list.
I've used the Cisco ASAs without issue. Cisco flamers need not respond.
This is a bit of a loaded question though.
- Brian
From: Dawood Iqbal [mailto:Dawood_Iqbal@hotmail.com]
Sent: Friday, March 05, 2010 9:58 AM
To: nanog@nanog.org
Subject: Best VPN ApplianceHello All,
Is it possible to get your ideas on what VPN appliances are good to
have in
enterprise network?Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should
be
able
to re-direct him to any and ONLY specific application i.e SAP.If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information. Any unauthorized review,
copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
We've been running various Fortinet Fortigate appliances since 2003 and have had very good luck with them. Clustering is plug-and-play...boxes act as a single managed unit and do stateful failover of VPN connections. We use the IPsec for site-to-site between our offices and our data centers, the SSL VPN we use for all of our road tunnels. SSL clients work great on WinXP, Win7 and OS X. There's a new iPhone app as well for the web-based VPN.
-J