On the cheap side of things, Openvpn Access Server can be used as well. * Supports MFA * Wide support for a lot of OS (Windows, Linux, Mac0S, android, IOS) * LDAP integration * Load balancing.
On Mon, Sep 28, 2020 at 5:19 PM Chris Barnes <[email protected]> wrote: > Might be on the pricier side of things but F5 Big-IP can be used, you'll > need to license the APM (Access Policy Manager) feature and the number of > seats you need. > > Windows 10, iOS and Android support. Mac is also supported but i think > only through browser plug-in (could be wrong). it has its own OTP > authentication option or you can download an iRule to add Google Auth > functionality. It'll also do Active Directory, LDAP, RADIUS, RSA SerurID, > and client cert authentication. > > You can build a comprehensive access policy to do things like determine > the type of client being used (e.g. web browser, Android client, Windows 10 > native, etc) and do authentication differently for each, for example, if a > web browser is detected throw a web login page, if Windows 10 is detected > do client cert auth, for example. You can also specify individual address > pools, snat pools, dns servers, traffic marking and shaping, and ACLs. > > Its a pretty comprehensive product. > https://www.f5.com/products/security/access-policy-manager > > > On Mon, 28 Sep 2020 at 14:38, John Cenile <[email protected]> wrote: > >> G'day Noggers, >> >> I was hoping to get some recommendations on VPN solutions people out >> there are using. >> >> Currently we're using a Cisco ASA with the AnyConnect client, however we >> have found it to be quite limiting in some of the things we want to do >> (such as built in multifactor, restricting resources to groups, and the >> throughput of the device itself). >> >> Our main requirements are: >> >> - Self hosted / on-premise appliance >> - Multifactor support (preferably Google Authenticator) >> - Windows, Mac, and iPhone clients >> >> >> I'm also looking at the Fortinet FortiClient software, but it looks very >> similar to AnyConnect, so I don't have high hopes for it. I'm also looking >> into the Business OpenVPN product. >> >> Any other suggestions / recommendations would be great. >> >> John Cenile >> Github <https://github.com/john30> >> Twitter <https://twitter.com/cenilejohn> >> _______________________________________________ >> AusNOG mailing list >> [email protected] >> http://lists.ausnog.net/mailman/listinfo/ausnog >> > > > -- > Kind Regards, > > Christopher Barnes > > e. [email protected] > _______________________________________________ > AusNOG mailing list > [email protected] > http://lists.ausnog.net/mailman/listinfo/ausnog >
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
