Why can't Global Protect achieve all of your needs? Did I miss some requirement they can't meet?
On Mon, Nov 13, 2017 at 5:25 PM Kurt Buff <[email protected]> wrote: > Arg - that should be "seeking commercial services".. > > And, once I bring recommendations, it might well be that we just fall > back to a DirectAccess server in each office, with our without a > multi-site configuration, potentially with an SSP VPN appliance also > at each office for backup and contractors, and call it good. > > Kurt > > On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <[email protected]> wrote: > > I'm not sure either, but that's the task I've been given - not > > necessarily to implement at this stage, but to scope out the > > alternatives and come up with some possibilities. > > > > It's also why I'm seeing recommendations on commercial services, so > > that our implementation requirements are minimized. > > > > Kurt > > > > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale > > <[email protected]> wrote: > >> I've done a lot of openvpn setups in a myriad of formats, site to site, > hub and spoke, client etc. > >> It works well and there are even some lesser documented features that > do some neat stuff but you are now rolling your solution and marinating it > manually. > >> Not sure how well that will scale unless you have a skilled team. > >> > >>> -----Original Message----- > >>> From: [email protected] > >>> [mailto:[email protected]] On Behalf Of Kurt Buff > >>> Sent: Monday, November 13, 2017 5:22 PM > >>> To: ntsysadm <[email protected]> > >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for > input > >>> > >>> All, > >>> > >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our > >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto > >>> Global Protect) as primary for our overseas offices and secondary for > >>> the US (Sonicwall). > >>> > >>> 2) In the US office, we also have contractors/consultants needing to > >>> use our SSL VPN for access to various resources, and that will likely > >>> expand to our overseas offices soon. Differentiation and securing > >>> resources is even more important here than in 1). > >>> > >>> 3) We also stand up IPSec tunnels for vendors/partners as needed (lab > >>> to lab), for interoperability/compatibility testing. > >>> > >>> We're looking to get into a solution that will take care of at least > >>> the first two (and ideally the third as well), so that we don't have > >>> so many platforms to support, and so that we can make sure that staff > >>> in the field get the fasted connection available. > >>> > >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog), > >>> and OpenVPN (commercial client offering), but don't have much of an > >>> opinion on them, as info about them is a bit thin. > >>> > >>> Anyone have experience with solutions like this, and care to comment? > >>> > >>> Thanks, > >>> > >>> Kurt > >>> > >> > > >
