On Tue, Jul 8, 2008 at 1:55 PM, RB <[EMAIL PROTECTED]> wrote: >> Does pfSense offer an alternative to the Juniper SSL VPN solutions ? > <rant> <snip parts that I'm not interested in arguing :)> > Furthermore, the "clientless" VPN solutions reduce the operator's > control over the endpoints, degrading the overall security of the > system. Some solutions attempt mitigating controls, but you can't > change the fact that you're allowing rather arbitrarily secured > machines to utilize your resources. Of course, if you don't plan to > vet the systems clients will be using (when issuing certificates or > the like), that doesn't matter much. > </rant>
With OpenVPN, you only have control of the client at time of install. With the "clientless" solutions from Juniper, F5, et al, they usually have the ability to check the security of the environment they're running in, in some manner (antivirus running, up to date patches, firewall, etc). They can then grant or deny access based on that security - with OpenVPN, if the credentials are good, you get in. I won't argue the points as to which is better, or whether you should even have remote access to your network, just wanted to point out some missing information in your argument. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
