Hi everyone,

I’m trying to find the best solution. Currently, when staff needs to remote into work, they log in to the Sonicwall SSL VPN built into the Sonicwall TZ 100. From there they have a bookmark and connect to their computer. It works pretty well, staff doesn’t need to install a client VPN. I’m looking to switch the Sonicwall out for another firewall. Any recommendations on one that provides the same type of clientless VPN solution the Sonicwall has?

Thanks,

4 Spice ups

Sophos UTMs can do this well

2 Spice ups

I use the Sophos UTM and I don’t like how it works.

Any particular reason?

I have no experience with Sophos, but people here seem to really like Sophos. ¯_(ツ)_/¯

It’s really slow when connecting to workstations. I’ve worked with tech support and they don’t have a resolution.

Can you elaborate? What is your ISP speed? What is the ISP speed of that other end?

1 Spice up

Slow can be because of several reasons:

How busy is the CPU on the Sonicwall?
How busy is the line from the office to the internet?

Any other speed issues reported?

1 Spice up

WatchGuard comes with a free client, but will work with other OpenVPN compatible SSL VPN clients as well.

That means, a client install is needed, but from there on (with WatchGuards client) you just have to enter the IP address or hostname of your gateway and your credentials, no other configuration is needed.

WatchGuard used to have a special SSL VPN gateway, that was capable of clientless SSL (using Java I think), but discontinued that product line.

So if you are on the search for a clientless SSL VPN solution, WatchGuard will probably not be your pick.

But if you need Java to run clientless, then I suppose it might be better to have to install a slim client.

Users can always download the client software from the firewall directly and the installation is really simple.

Another point with WatchGuard is the number of SSL VPN users - this is limited by the firewall model. Usually you get more than enough licenses, when you choose the right size of appliance for your company, but sometimes things may surprise, so it is good to check the license count upfront to avoid later unpleasant surprises.

The basic setup of the SSL VPN on the firewall is very simple, but may get a bit more complicated, if you want to set strict rules for what one or the other user may be allowed to do over the VPN.

Meraki MX series: great VPN connection and easy to set up.

Also for the lower end I like these two

^^This, plus how many concurrent users? What is your upload speed?
You may need a faster device, need to up your WAN connection speed or both.

The TZ 100 could be the bottleneck, it only has 100 MB ports.

We use Sophos UTM but take it a step further, we give everyone a Sophos RED appliance at home so they literally have nothing to do to connect.

They open laptop, it joins the RED wireless and they are connected…

Of course there is an SSL service when they are on the move as well. Saves the SSL VPN config in the tray and they just hit connect and after handshake they are in, really easy

1 Spice up

So your post says you are using a Sonicwall but this implies you are using a Sophos UTM

You could go for

  • OpenVPN (but I don’t like the client and the TAP drivers at all) or just use
  • SSTP VPN in Server 2012 R2 (builtin) or
  • SSTP on Forefront UAG (if you have that, it’s not sold anymore).

SSTP is a single port SSL VPN (OSI layer 7) and works for everything Windows 7 and newer. There are some alternative clients available for Linux, but haven’t tried them yet. Easy to set up, good performance, built into Windows clients.

Fortinet does this well. Take a look at a 60D or size up depending on your needs.

https://www.fortinet.com/products-services/products/firewall/fortigate-entry-level-firewall.html

@Fortinet

You may also want to check our Cisco Anyconnect VPN client.

For further info, please send me a PM

Thanks!

-Ferdinand

WatchGuard UTM is what we use. Two M300 models.

BOVPN between sites, and SSLVPN for remote users.