Firewall Wizards mailing list archives
Re: Eggs in one basket (VPN in Firewall, UTM)
From: Boozy Walker <boozywalker () dsl pipex com>
Date: Wed, 19 Dec 2007 15:18:24 +0000
Hi Bill,

It all depends on how much VPN traffic you have I suppose. If you are pushing huge amounts of encrypted traffic between sites then yes, a dedicated VPN device would make sense, but if you are only talking a few connected sites and what I would class as "normal" amounts of encrypted traffic then utilising your firewall's VPN functionality would be ok.
Most firewalls these days have VPN capabilities but I wouldn't class them as UTMs - UTMs tend to be the "cheaper" (or cost efficient) boxes that do Anti-Spam, Malware, AV, Content checking and so on. I've never been a fan of these as they tend to promise much yet in reality deliver little (e.g. limited functionality or degraded performance when you enable all of the features). IMHO, I would prefer to have distributed services that are designed to do the job you want.

I have been using StoneGate fw/vpn appliances (from Stonesoft) for a couple of years now and to be honest I couldn't think of using anything else. They allow me to have multiple ISP connections (all used at the same time) to load balance traffic and even load balanced vpn connections between all my sites, which obviously helps with performance and resilience. For my mobile users they now have an SSL product (separate box but I prefer this) which allows me to provide client-less access from any platform. The nice thing about this setup though is although the fw/vpn and ssl boxes are physically separate, the management, logs and reporting tool is centralised so I can manage everything from one place (which I suppose could be classed as UTM...???)

As for controlling access (partners and vendors), I use the SSL device as this lets me publish applications based upon the authenticating user. That way they only get access to what I allow them to see.

Rgds
Brian Walker

Bill Stout-2 wrote:
>
> Hello all,
>
> I'm evaluating an existing VPN infrastructure, and am looking at
> replacement options that can support IPSEC and SSL.
>
> Currently VPN appliances are used for site-site and remote access. One of
> the options is to make use of the VPN capabilities of existing (SYN/ACK
> semantic type) firewalls.
>
> What is the current opinion of adding more services to a firewall vs.
> deploying standalone VPN appliances?
>
> Also, what is the current best practice as far as controlling who can get
> to what via the VPN? (e.g. contractors, vendors)
>
> Thanks,
>
> Bill Stout
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

--
View this message in context: http://www.nabble.com/Eggs-in-one-basket-%28VPN-in-Firewall%2C-UTM%29-tp13982292p14418500.html
Sent from the Firewall Wizards mailing list archive at Nabble.com.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Eggs in one basket (VPN in Firewall, UTM) Boozy Walker (Dec 24)