I prefer to keep those functions on the firewall in most cases, if it can reasonably do so.
More layers of security, smaller attack surface, less downtime associated with patching, etc *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…* On Wed, Jan 22, 2014 at 11:58 AM, J- P <[email protected]> wrote: > Hi all, > > I have a client that has a Sonicwall tz 170 or 190 and the ssl appliance > 200 I believe, either way both are end of life , and no support on them, > so we are looking at a replacement , here's the environment; > > 2 site to site tunnels (one to a draytek, other to a cisco ) small office > each 5 users > Dual wan required & VPN obviously, > > HQ; > VMWARE essential host (guest 2008ts with Citrix Fundamentals) > 1 OSX server , profile manager (10 macs) > 1 2003r2 DC > 1 2003 member with SQL > 2 hyper v host running 2012 (Guest on host 1 exchange 2013. Guests on > host 2008r2 DC, 2012 file server, 2012 RDS in Eval mode not sure if they > want to convert from Citrix Fundamentals yet) > > 50 local users, most of which remote in via citrix, however, the designers > need to VPN in on their MACs in order to access /edit files with OSX . > > Given all the capabilities /options with 2012 VPN , remote web access, > direct access etc, > does it make more sense to still use the firewall to handle all these > tasks, or should I be looking at server 2012 to handle these connections > ? > > > Thanks for your imput > > >
