Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread John Cenile 
Thanks everyone for your replies on and off list, I have a good list to
start looking through now.

John Cenile
Github 
Twitter 

On Tue, 29 Sep 2020 at 01:06, Brad Peczka  wrote:

> I’ll also throw a vote in for Palo Alto - the GlobalProtect client is a
> solid product, as is the rest of the box.
>
>
>
> They’re not cheap, but pricing can be whittled down to and will get
> competitive if you’ve got a good reseller and do the usual buy x years of
> maintenance/subscriptions in advance.
>
>
>
> Note also that you don’t need the GlobalProtect license to enable client
> VPN – but it does provide some nifty features that may, or may not, be
> useful to you.
> https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-overview/about-globalprotect-licenses.html
>
>
>
> Regards,
>
> -Brad.
>
>
>
> *From:* AusNOG  *On Behalf Of *DaZZa
> *Sent:* Monday, 28 September 2020 12:56 PM
> *To:* John Cenile 
> *Cc:*  
> *Subject:* Re: [AusNOG] Client VPN Solutions
>
>
>
> Depends on your budget.
>
>
>
> I run Palo Alto's at my edge - and they do all of the above. And you can
> make them work with Linux too.
>
>
>
> Expensive as hell, and they're firewalls with added features, not just VPN
> devices, but they're worth the money for mine.
>
>
>
> D
>
>
>
> On Mon, 28 Sep 2020, 2:38 pm John Cenile,  wrote:
>
> G'day Noggers,
>
>
>
> I was hoping to get some recommendations on VPN solutions people out there
> are using.
>
>
>
> Currently we're using a Cisco ASA with the AnyConnect client, however we
> have found it to be quite limiting in some of the things we want to do
> (such as built in multifactor, restricting resources to groups, and the
> throughput of the device itself).
>
>
>
> Our main requirements are:
>
>- Self hosted / on-premise appliance
>- Multifactor support (preferably Google Authenticator)
>- Windows, Mac, and iPhone clients
>
>
>
> I'm also looking at the Fortinet FortiClient software, but it looks very
> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
> into the Business OpenVPN product.
>
>
>
> Any other suggestions / recommendations would be great.
>
>
>
> John Cenile
>
> Github 
>
> Twitter 
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread Bradley Amm 
Might be coming back. Email logged in
Got email from NextDC as well. Won’t be able to OneDC either.


From: AusNOG  on behalf of Joshua D'Alton 

Sent: Tuesday, September 29, 2020 7:16:44 AM
To: Dewayne Geraghty 
Cc: AusNOG@lists.ausnog.net 
Subject: Re: [AusNOG] Azure AD - Office 365 outage

Quite a 'few' :)

It seems to be login.microsoftonline.com 
which is borked, so consequently cannot login to Azure or office online or 
anything which requires authentication via this. The status says existing 
sessions aren't impacted, that might be a bit hit and miss as many existing 
sessions stopped working (because they tried to re-auth token via 
login.ms more than likely, as multiple tabs are now stuck on 
https://login.microsoftonline.com/ORGSITENAMEHERE/oauth2/v2.0/authorize?client_id
 )

On Tue, 29 Sep 2020 at 09:07, Dewayne Geraghty 
mailto:dewa...@heuristicsystems.com.au>> wrote:
On 29/09/2020 8:32 am, Mark Anthony Delfin wrote:
> Good morning all!
>
> Looks like early morning issues for some
> https://status.office365.com/ 
>
> We are affected too.
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

Thank-you for sharing, that immediately relieved the pressure of having
three "remote" workers accusing my home/enterprise network of being the
cause.  :)

It begs the question - how many industries/people are currently unable
to work, while manning their remote offices...  =:-|
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread Joshua D'Alton 
Quite a 'few' :)

It seems to be login.microsoftonline.com which is borked, so consequently
cannot login to Azure or office online or anything which requires
authentication via this. The status says existing sessions aren't impacted,
that might be a bit hit and miss as many existing sessions stopped working
(because they tried to re-auth token via login.ms more than likely, as
multiple tabs are now stuck on
https://login.microsoftonline.com/ORGSITENAMEHERE/oauth2/v2.0/authorize?client_id
)

On Tue, 29 Sep 2020 at 09:07, Dewayne Geraghty <
dewa...@heuristicsystems.com.au> wrote:

> On 29/09/2020 8:32 am, Mark Anthony Delfin wrote:
> > Good morning all!
> >
> > Looks like early morning issues for some
> > https://status.office365.com/ 
> >
> > We are affected too.
> >
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
> Thank-you for sharing, that immediately relieved the pressure of having
> three "remote" workers accusing my home/enterprise network of being the
> cause.  :)
>
> It begs the question - how many industries/people are currently unable
> to work, while manning their remote offices...  =:-|
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread David Ollis 
2020 is a leap year. SLA is stil maintained..

On Tue, 29 Sep 2020, 09:11 John Edwards,  wrote:

> It is Office 364 now
>
> On Tue, 29 Sep 2020 at 08:36, Dewayne Geraghty <
> dewa...@heuristicsystems.com.au> wrote:
>
>> On 29/09/2020 8:32 am, Mark Anthony Delfin wrote:
>> > Good morning all!
>> >
>> > Looks like early morning issues for some
>> > https://status.office365.com/ 
>> >
>> > We are affected too.
>> >
>> > ___
>> > AusNOG mailing list
>> > AusNOG@lists.ausnog.net
>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>> >
>>
>> Thank-you for sharing, that immediately relieved the pressure of having
>> three "remote" workers accusing my home/enterprise network of being the
>> cause.  :)
>>
>> It begs the question - how many industries/people are currently unable
>> to work, while manning their remote offices...  =:-|
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread John Edwards 
It is Office 364 now

On Tue, 29 Sep 2020 at 08:36, Dewayne Geraghty <
dewa...@heuristicsystems.com.au> wrote:

> On 29/09/2020 8:32 am, Mark Anthony Delfin wrote:
> > Good morning all!
> >
> > Looks like early morning issues for some
> > https://status.office365.com/ 
> >
> > We are affected too.
> >
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
> Thank-you for sharing, that immediately relieved the pressure of having
> three "remote" workers accusing my home/enterprise network of being the
> cause.  :)
>
> It begs the question - how many industries/people are currently unable
> to work, while manning their remote offices...  =:-|
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread Dewayne Geraghty 
On 29/09/2020 8:32 am, Mark Anthony Delfin wrote:
> Good morning all!
> 
> Looks like early morning issues for some
> https://status.office365.com/ 
> 
> We are affected too.
> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 

Thank-you for sharing, that immediately relieved the pressure of having
three "remote" workers accusing my home/enterprise network of being the
cause.  :)

It begs the question - how many industries/people are currently unable
to work, while manning their remote offices...  =:-|
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread francisfides 
Good morning. Same issue here with our tenants, either direct with MS in the US 
or here in Australia.
Best wishes to all...

-- 
  
  francisfi...@mailup.net



On Tue, Sep 29, 2020, at 08:32, Mark Anthony Delfin wrote:
> Good morning all!
> 
> Looks like early morning issues for some
> https://status.office365.com/
> 
> We are affected too.
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Azure AD - Office 365 outage

2020-09-28 Thread Mark Anthony Delfin 
Good morning all!

Looks like early morning issues for some
https://status.office365.com/

We are affected too.
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread J. Hellenthal 
I might recommend OpenVPN AS. They are license centric on seats but 3 seats 
come with the free appliance and fairly straight forward interface all while 
offering HA configuration so you may have many appliances as a fallback plus 
google authenticator and at least one other I don’t recall off hand. LDAP auth 
is also there.

If anything give the free appliance a run through in a VM you might be happy 
you did.

Good luck 

https://openvpn.net/vpn-server/

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Sep 28, 2020, at 03:09, Dmitry Konchanin  
> wrote:
> 
> 
> Forticlient can do multifactor to some extend. There are pretty expensive 
> "branded" token based option, built-in email-to-sms and ability to use 
> basically any time of MFA via Radius. And no any additional costs/licenses, 
> all comes with  a box. (except tokens).
> 
> It's still probably less flexible than dedicated VPN devices (like Pulse), 
> but if it fits requirements then for sure price effective. 
> 
> Kind regards, 
> Dmitry Konchanin 
>   
> 
> On 28/09/2020 5:37 pm, John Cenile wrote:
>> G'day Noggers,
>> 
>> I was hoping to get some recommendations on VPN solutions people out there 
>> are using.
>> 
>> Currently we're using a Cisco ASA with the AnyConnect client, however we 
>> have found it to be quite limiting in some of the things we want to do (such 
>> as built in multifactor, restricting resources to groups, and the throughput 
>> of the device itself).
>> 
>> Our main requirements are:
>> Self hosted / on-premise appliance
>> Multifactor support (preferably Google Authenticator)
>> Windows, Mac, and iPhone clients
>> 
>> I'm also looking at the Fortinet FortiClient software, but it looks very 
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking 
>> into the Business OpenVPN product.
>> 
>> Any other suggestions / recommendations would be great.
>> 
>> John Cenile
>> Github
>> Twitter
>> 
>> 
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


smime.p7s
Description: S/MIME cryptographic signature
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Brad Peczka 
I’ll also throw a vote in for Palo Alto - the GlobalProtect client is a solid 
product, as is the rest of the box.

They’re not cheap, but pricing can be whittled down to and will get competitive 
if you’ve got a good reseller and do the usual buy x years of 
maintenance/subscriptions in advance.

Note also that you don’t need the GlobalProtect license to enable client VPN – 
but it does provide some nifty features that may, or may not, be useful to you. 
https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-overview/about-globalprotect-licenses.html

Regards,
-Brad.

From: AusNOG  On Behalf Of DaZZa
Sent: Monday, 28 September 2020 12:56 PM
To: John Cenile 
Cc:  
Subject: Re: [AusNOG] Client VPN Solutions

Depends on your budget.

I run Palo Alto's at my edge - and they do all of the above. And you can make 
them work with Linux too.

Expensive as hell, and they're firewalls with added features, not just VPN 
devices, but they're worth the money for mine.

D

On Mon, 28 Sep 2020, 2:38 pm John Cenile, 
mailto:jcenile1...@gmail.com>> wrote:
G'day Noggers,

I was hoping to get some recommendations on VPN solutions people out there are 
using.

Currently we're using a Cisco ASA with the AnyConnect client, however we have 
found it to be quite limiting in some of the things we want to do (such as 
built in multifactor, restricting resources to groups, and the throughput of 
the device itself).

Our main requirements are:

  *   Self hosted / on-premise appliance
  *   Multifactor support (preferably Google Authenticator)
  *   Windows, Mac, and iPhone clients

I'm also looking at the Fortinet FortiClient software, but it looks very 
similar to AnyConnect, so I don't have high hopes for it. I'm also looking into 
the Business OpenVPN product.

Any other suggestions / recommendations would be great.

John Cenile
Github
Twitter
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Greg Lipschitz 
Hi John,

OPNSense ticks a lot of your boxes... https://opnsense.org/

On Prem (As a VM of Bare Metal)
VPN (Uses OpenVPN)
2FA (Using Google Authenticator)
LDAP for Integration with AD etc

Given it uses OpenVPN, you have clients for Windows, Mac, iOS, Android and 
Linux.

Cheers!
Greg


Greg Lipschitz | Founder & CEO | Summit Internet
glipsch...@summitinternet.com.au
summitinternet.com.au
1300 049 749
Unit 2, 31-39 Norcal Road, Nunawading VIC 3131
Summit Internet
From: AusNOG  on behalf of John Cenile 

Sent: 28 September 2020 14:37
To: ausnog@lists.ausnog.net 
Subject: [AusNOG] Client VPN Solutions

G'day Noggers,

I was hoping to get some recommendations on VPN solutions people out there are 
using.

Currently we're using a Cisco ASA with the AnyConnect client, however we have 
found it to be quite limiting in some of the things we want to do (such as 
built in multifactor, restricting resources to groups, and the throughput of 
the device itself).

Our main requirements are:

  *   Self hosted / on-premise appliance
  *   Multifactor support (preferably Google Authenticator)
  *   Windows, Mac, and iPhone clients

I'm also looking at the Fortinet FortiClient software, but it looks very 
similar to AnyConnect, so I don't have high hopes for it. I'm also looking into 
the Business OpenVPN product.

Any other suggestions / recommendations would be great.

John Cenile
Github
Twitter
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Dmitry Konchanin 
Forticlient can do multifactor to some extend. There are pretty 
expensive "branded" token based option, built-in email-to-sms and 
ability to use basically any time of MFA via Radius. And no any 
additional costs/licenses, all comes with  a box. (except tokens).


It's still probably less flexible than dedicated VPN devices (like 
Pulse), but if it fits requirements then for sure price effective.


Kind regards,
Dmitry Konchanin


On 28/09/2020 5:37 pm, John Cenile wrote:

G'day Noggers,

I was hoping to get some recommendations on VPN solutions people out 
there are using.


Currently we're using a Cisco ASA with the AnyConnect client, however 
we have found it to be quite limiting in some of the things we want to 
do (such as built in multifactor, restricting resources to groups, and 
the throughput of the device itself).


Our main requirements are:

  * Self hosted / on-premise appliance
  * Multifactor support (preferably Google Authenticator)
  * Windows, Mac, and iPhone clients


I'm also looking at the Fortinet FortiClient software, but it looks 
very similar to AnyConnect, so I don't have high hopes for it. I'm 
also looking into the Business OpenVPN product.


Any other suggestions / recommendations would be great.

John Cenile
Github 
Twitter 

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Mark Anthony Delfin 
On the cheap side of things, Openvpn Access Server can be used as well.

* Supports MFA
* Wide support for a lot of OS (Windows, Linux, Mac0S, android, IOS)
* LDAP integration
* Load balancing.

On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes 
wrote:

> Might be on the pricier side of things but F5 Big-IP can be used, you'll
> need to license the APM (Access Policy Manager) feature and the number of
> seats you need.
>
> Windows 10, iOS and Android support. Mac is also supported but i think
> only through browser plug-in (could be wrong). it has its own OTP
> authentication option or you can download an iRule to add Google Auth
> functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SerurID,
> and client cert authentication.
>
> You can build a comprehensive access policy to do things like determine
> the type of client being used (e.g. web browser, Android client, Windows 10
> native, etc) and do authentication differently for each, for example, if a
> web browser is detected throw a web login page, if Windows 10 is detected
> do client cert auth, for example. You can also specify individual address
> pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
>
> Its a pretty comprehensive product.
> https://www.f5.com/products/security/access-policy-manager
>
>
> On Mon, 28 Sep 2020 at 14:38, John Cenile  wrote:
>
>> G'day Noggers,
>>
>> I was hoping to get some recommendations on VPN solutions people out
>> there are using.
>>
>> Currently we're using a Cisco ASA with the AnyConnect client, however we
>> have found it to be quite limiting in some of the things we want to do
>> (such as built in multifactor, restricting resources to groups, and the
>> throughput of the device itself).
>>
>> Our main requirements are:
>>
>>- Self hosted / on-premise appliance
>>- Multifactor support (preferably Google Authenticator)
>>- Windows, Mac, and iPhone clients
>>
>>
>> I'm also looking at the Fortinet FortiClient software, but it looks very
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
>> into the Business OpenVPN product.
>>
>> Any other suggestions / recommendations would be great.
>>
>> John Cenile
>> Github 
>> Twitter 
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> --
> Kind Regards,
>
> Christopher Barnes
>
> e. chris.p.bar...@gmail.com
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Jacob Taylor 
I quite like the Pulse Secure offering.
Highlights include:

   - Supports complex access policies - I once configured a policy that
   assigned different IP pools based on AD group membership
   - Supports MFA through any standard RADIUS provider, also has plugins
   for native Okta and Duo integration
   - Provides both a native tunneling client and a web portal (access your
   intranet sites/file servers through a browser)
   - Available as both physical and virtual appliances for on-prem
   deployment
   - Native client supports multiple client OS's:
  - Windows
  - macOS
  - Linux
  - Android
  - iOS

The licensing model can be a head scratcher though.

Cheers,
Jake

On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes 
wrote:

> Might be on the pricier side of things but F5 Big-IP can be used, you'll
> need to license the APM (Access Policy Manager) feature and the number of
> seats you need.
>
> Windows 10, iOS and Android support. Mac is also supported but i think
> only through browser plug-in (could be wrong). it has its own OTP
> authentication option or you can download an iRule to add Google Auth
> functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SerurID,
> and client cert authentication.
>
> You can build a comprehensive access policy to do things like determine
> the type of client being used (e.g. web browser, Android client, Windows 10
> native, etc) and do authentication differently for each, for example, if a
> web browser is detected throw a web login page, if Windows 10 is detected
> do client cert auth, for example. You can also specify individual address
> pools, snat pools, dns servers, traffic marking and shaping, and ACLs.
>
> Its a pretty comprehensive product.
> https://www.f5.com/products/security/access-policy-manager
>
>
> On Mon, 28 Sep 2020 at 14:38, John Cenile  wrote:
>
>> G'day Noggers,
>>
>> I was hoping to get some recommendations on VPN solutions people out
>> there are using.
>>
>> Currently we're using a Cisco ASA with the AnyConnect client, however we
>> have found it to be quite limiting in some of the things we want to do
>> (such as built in multifactor, restricting resources to groups, and the
>> throughput of the device itself).
>>
>> Our main requirements are:
>>
>>- Self hosted / on-premise appliance
>>- Multifactor support (preferably Google Authenticator)
>>- Windows, Mac, and iPhone clients
>>
>>
>> I'm also looking at the Fortinet FortiClient software, but it looks very
>> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
>> into the Business OpenVPN product.
>>
>> Any other suggestions / recommendations would be great.
>>
>> John Cenile
>> Github 
>> Twitter 
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> --
> Kind Regards,
>
> Christopher Barnes
>
> e. chris.p.bar...@gmail.com
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Client VPN Solutions

2020-09-28 Thread Chris Barnes 
Might be on the pricier side of things but F5 Big-IP can be used, you'll
need to license the APM (Access Policy Manager) feature and the number of
seats you need.

Windows 10, iOS and Android support. Mac is also supported but i think only
through browser plug-in (could be wrong). it has its own OTP authentication
option or you can download an iRule to add Google Auth functionality. It'll
also do Active Directory, LDAP, RADIUS, RSA SerurID, and client cert
authentication.

You can build a comprehensive access policy to do things like determine the
type of client being used (e.g. web browser, Android client, Windows 10
native, etc) and do authentication differently for each, for example, if a
web browser is detected throw a web login page, if Windows 10 is detected
do client cert auth, for example. You can also specify individual address
pools, snat pools, dns servers, traffic marking and shaping, and ACLs.

Its a pretty comprehensive product.
https://www.f5.com/products/security/access-policy-manager


On Mon, 28 Sep 2020 at 14:38, John Cenile  wrote:

> G'day Noggers,
>
> I was hoping to get some recommendations on VPN solutions people out there
> are using.
>
> Currently we're using a Cisco ASA with the AnyConnect client, however we
> have found it to be quite limiting in some of the things we want to do
> (such as built in multifactor, restricting resources to groups, and the
> throughput of the device itself).
>
> Our main requirements are:
>
>- Self hosted / on-premise appliance
>- Multifactor support (preferably Google Authenticator)
>- Windows, Mac, and iPhone clients
>
>
> I'm also looking at the Fortinet FortiClient software, but it looks very
> similar to AnyConnect, so I don't have high hopes for it. I'm also looking
> into the Business OpenVPN product.
>
> Any other suggestions / recommendations would be great.
>
> John Cenile
> Github 
> Twitter 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>


-- 
Kind Regards,

Christopher Barnes

e. chris.p.bar...@gmail.com
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog