WatchGuard also has some "SSL-VPN" and I know the salesman entering the boss' 
office...

But pfSense won...

We use OpenVPN cause the boss looks at the bucks it costs... and that was the 
argument :-)

Try OpenVPN on pfSense... you'll love it...

Only thing with WatchGuard: it uses SSL-VPN via browser... some kind like 
SSL-Explorer...

If your boss likes that, try the SSL-Explorer Community edition...

Regards,

Martin

-----Original Message-----
From: Michel Servaes [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 8 July 2008 21:57
To: support@pfsense.com
Subject: Re: [pfSense Support] SSL VPN

I totally agree with you, but you know what happens if an external IT
man enters your office, and tells your boss that a solution like Juniper
is better than anything else...
So I am going to use your comments to discourage this kind of use... I
still like to have control of what comes in, and what goes out.

I haven't enabled OpenVPN on my pfSense... I have no knowledge about
OpenVPN.
I only use IPSEC for endpoint to endpoint, and PPTP for mobile
solutions, or colleagues who don't have an out-of-the-box VPN-capable
router at home.

Thank you for your response already ;)



RB wrote:
>> Does pfSense offer an alternative to the Juniper SSL VPN solutions ?
>>
> <rant>
> It is unfortunate that Juniper seems to have somewhat subverted the
> meaning of the phrase "SSL VPN".  IMO, the nomenclature indicates a
> VPN that uses SSL for its authentication and encryption as opposed to,
> say, IKE and ESP.  It has nothing to do with whether the technology is
> browser-based or not.  OpenVPN is a _very_ good SSL VPN implementation
> that requires no GUI components whatsoever, even though there are good
> GUI clients written for it.
>
> Furthermore, the "clientless" VPN solutions reduce the operator's
> control over the endpoints, degrading the overall security of the
> system.  Some solutions attempt mitigating controls, but you can't
> change the fact that you're allowing rather arbitrarily secured
> machines to utilize your resources.  Of course, if you don't plan to
> vet the systems clients will be using (when issuing certificates or
> the like), that doesn't matter much.
> </rant>
>
> That said, pfSense does not offer what you are looking for.  Your best
> bet to implement precisely that would probably be to purchase a
> solution like SSL Explorer (still cheaper than a Juniper) and run it
> on a dedicated machine in a DMZ off of pfSense with limited access in
> & out.
>
>
> RB
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
