I totally agree with you, but you know what happens if an external IT man enters your office, and tells your boss that a solution like Juniper is better than anything else... So I am going to use your comments to discourage this kind of use... I still like to have control of what comes in, and what goes out.

I haven't enabled OpenVPN on my pfSense... I have no knowledge about OpenVPN. I only use IPSEC for endpoint to endpoint, and PPTP for mobile solutions, or colleagues who don't have an out-of-the-box VPN capable router at home.

Thank you for your response already ;)



RB wrote:
Does pfSense offer an alternative to the Juniper SSL VPN solutions?
<rant>
It is unfortunate that Juniper seems to have somewhat subverted the
meaning of the phrase "SSL VPN".  IMO, the nomenclature indicates a
VPN that uses SSL for its authentication and encryption as opposed to,
say, IKE and ESP.  It has nothing to do with whether the technology is
browser-based or not.  OpenVPN is a _very_ good SSL VPN implementation
that requires no GUI components whatsoever, even though there are good
GUI clients written for it.

Furthermore, the "clientless" VPN solutions reduce the operator's
control over the endpoints, degrading the overall security of the
system.  Some solutions attempt mitigating controls, but you can't
change the fact that you're allowing rather arbitrarily secured
machines to utilize your resources.  Of course, if you don't plan to
vet the systems clients will be using (when issuing certificates or
the like), that doesn't matter much.
</rant>

That said, pfSense does not offer what you are looking for.  Your best
bet to implement precisely that would probably be to purchase a
solution like SSL Explorer (still cheaper than a Juniper) and run it
on a dedicated machine in a DMZ off of pfSense with limited access in
& out.


RB

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

