Re: SSL VPN

["Jason Thompson" <securitux () gmail com>]

I personally like Check Point's SSL VPN, Connectra. The virtual
desktop works very well and its a snap to deploy. Getting it up and
running takes 20 minutes, runs on SPLAT (a hardened Linux). Supports
all the major auth mechanisms including native SecurID and AD / LDAP.
What's been popular with it is the ability to map users network drives
over their SSL portal based on the ID they log in with and clientless
Integrity which verifies the machine is 'safe' to connect (AV running
& up to date, no malicious apps, etc).

As for cost effective, not sure. It's Check Point, so.... :) Licensing
is based on concurrent users so if you only expect to have 50 at once,
then a 50 license is fine... if you expect all 250 to connect at
once... well its gonna be ugly.

If Juniper is more reasonable, I've heard good things about that as well.

-J


> > Hi List,
> >
> > Currently we have 100+ home users who connect to our VPN gateway
> > (IPSEC) and access the resources. As the business is growing, within a
> > couple of months we'll be having more than 300 users operating from
> > home.
> >
> > Management asked us to give them a "cost effective" solution to
> > migrate the existing home users to "SSL VPN" so that there won't be
> > any requirement of installing the software client etc (keeping in mind
> > that the associates working from home will be growing) and it will be
> > more secure.
> >
> > We also have a Cisco ASA as a perimeter firewall on our network on
> > which we can configure the SSL VPN but cpu utilization on the ASA is
> > somewhere near 40%.
> >
> > I would like to know the cost effective way to implement the same. I
> > would also like to know the products in the market which supports SSL
> > VPN or shall we go ahead and implement SSL VPN on our existing ASA
> > firewall? Will it consume a lot of cpu utilization on it?
> >
> > --
> > Thanx,
> > Kartik
> > www.hcl.in
> > +1 408 416 2089 X 5313
> > +91 9810998169