A reminder that a VPN is a "Virtual Private Network" and when you connect to another network, you are connecting as if your machine is part of that network, and sometimes, your network is part of theirs, too. For your work environment, this might not be a threat, but I know I have clients whose work environment is not one I consider sanitary enough to connect to.
I'd suggest OpenVPN for you, Ken: https://en.wikipedia.org/wiki/OpenVPN (For some of my clients, we've got a Linux box in their network, and can connect over ssh using Linux native tools or Putty on Windows, and then RDP or VNC to share screens without sharing networks. Other folks here have recommended stunnel, too.)

On Tue, Jan 10, 2017 at 2:35 PM, Ken Dibble <[email protected]> wrote:
> My consultant is proposing some species of Sophos UTM, which I can purchase as hardware only, without an ongoing subscription service, if all I want is ordinary router/firewall capability. (Subscriptions are required for various add-on functions such as anti-malware protection, a built-in VPN, and/or URL blocking, among other things.)
>
> Does anyone have experience with Sophos devices?
>
> Also, what would you recommend for a free (as in beer) VPN application, so I can avoid paying a subscription for that? This would only be used occasionally, to provide remote access to our VMWare management software in the event of an emergency that prevents me from physically reaching our building. (The consultant recommends against installing the vSphere client on our RDP server as dangerously insecure.) I know there are several out there. What have you used and why have you used it?
>
> Thanks very much for all of your responses so far. They've all been useful in helping me to understand the "modern" state of routers and firewalls.
>
> Ken Dibble
> www.stic-cil.org
>
>
>>> Which software router are you looking at? Coyote? Most of the software routers I have used are no longer being supported or developed.
>>
>> Nothing has been recommended by our consultants yet. I'm trying to prepare in advance.
>>
>>> The choices in hardware router/firewall devices are not that great. I've been using a Zyxel 1000G for a few years and it has been, mostly, reliable. I've had it get wonky and require a reboot twice in 6 years. The interface is very very different...completely object-oriented. Fortunately Zyxel provides excellent tech support, they'll even log in to your router and configure it for you if needed.
>>
>> The CISCO was rock solid for quite a while. However, a couple years ago its memory failed and was replaced with a used substitute. Since then we've had to cycle the power on it about once every 2-3 months to restore connectivity.
>>
>> Its web interface is horrendously byzantine in terms of its "security" features, which did not behave well in IE, and even worse in Firefox. It could take 10-15 minutes of going through various windows and resubmitting credentials before it would give up the goods and show me something.
>>
>>> I don't think you'll run into any throughput issues with your load on any device, or software-based system.
>>
>> That's good to know.
>>
>> Thanks very much, Mike.
>>
>> Ken
>>
>>
>>> Ken Dibble wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> Looks like our "ancient" (2008) CISCO router has died.
>>>>
>>>> I would appreciate the benefit of your experience regarding hardware vs software routers/firewalls to help me evaluate replacement options.
>>>>
>>>> Our current network uses 1 GB switches and has about 150 machines, and there can be at least that many people simultaneously using the network and our 25 mbps synchronous internet connection (including people hooking into our internet from smart phones and tablets). Most servers, including the domain controller, are virtualized and we are using a SAN for storage (two identical Synology Linux NAS devices). We have a 10 GB switch for virtual server/storage connectivity.
>>>>
>>>> We do not host external (internet) email or websites on our network.
>>>>
>>>> We've had slow growth in the number of machines and users (+/- 5% per year) over the past decade.
>>>>
>>>> We've always used the NAT functionality of the CISCO to provide a firewall and we only rarely allow anything to punch through it. The main exception would be our RDP server, which is in frequent use by between 5 and 10 simultaneous connections.
>>>>
>>>> My understanding is that a software router/firewall running on an ordinary PC is likely to be slower than a dedicated hardware device. However, is the difference so significant for a network like mine as to rule out a cheaper software solution?
>>>>
>>>> Do you have preferences for specific devices or software packages?
>>>>
>>>> What do you all think?
>>>>
>>>> Many thanks.
>>>>
>>>> Ken Dibble
>>>> www.stic-cil.org
>
> [excessive quoting removed by server]
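The "ssh to a Linux box, then RDP" approach from the reply above, written out as an added example (not from the thread or any of its posters): a single-port local forward exposes one internal RDP host to one loopback port on your machine, rather than joining the client's whole network the way a VPN does. Host names, the user name and the key are placeholders; `restrict,port-forwarding,permitopen=` are real OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: reach an internal RDP host through an SSH jump box with a
# single-port local forward instead of a full VPN. All names are placeholders.
JUMP_HOST="${JUMP_HOST:-linuxbox.example.org}"   # the Linux box inside the client network
JUMP_USER="${JUMP_USER:-admin}"
RDP_HOST="${RDP_HOST:-rdp-server.internal}"      # the only host:port that becomes reachable
RDP_PORT="${RDP_PORT:-3389}"
LOCAL_BIND="${LOCAL_BIND:-127.0.0.1}"            # loopback only: nobody else on your LAN can ride the tunnel
LOCAL_PORT="${LOCAL_PORT:-13389}"

# Accept only loopback bind addresses. Binding to 0.0.0.0 or a LAN address
# would expose the forwarded RDP port to whatever network the laptop is on.
is_loopback_bind() {
    case "$1" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the client command. -N: no remote shell; -L: local forward;
# ExitOnForwardFailure: fail loudly instead of "connecting" without the tunnel.
build_tunnel_cmd() {
    bind="$1"; lport="$2"; target="$3"; tport="$4"; user="$5"; jump="$6"
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L %s:%s:%s:%s %s@%s' \
        "$bind" "$lport" "$target" "$tport" "$user" "$jump"
}

# authorized_keys line for the jump box: this key gets no shell, no PTY,
# no agent/X11 forwarding, and may only forward to the one RDP host:port.
authorized_keys_line() {
    target="$1"; tport="$2"; pubkey="$3"
    printf 'restrict,port-forwarding,permitopen="%s:%s" %s' "$target" "$tport" "$pubkey"
}

main() {
    is_loopback_bind "$LOCAL_BIND" || { echo "refusing non-loopback bind $LOCAL_BIND" >&2; return 2; }
    cmd=$(build_tunnel_cmd "$LOCAL_BIND" "$LOCAL_PORT" "$RDP_HOST" "$RDP_PORT" "$JUMP_USER" "$JUMP_HOST")
    echo "Jump box authorized_keys entry (placeholder key):"
    authorized_keys_line "$RDP_HOST" "$RDP_PORT" "ssh-ed25519 AAAAC3...placeholder"; echo
    echo "Tunnel: $cmd"
    echo "Then point the RDP client at $LOCAL_BIND:$LOCAL_PORT (Windows: mstsc /v:$LOCAL_BIND:$LOCAL_PORT)."
    # Dry run by default; set RUN_TUNNEL=1 to actually open the tunnel.
    [ "${RUN_TUNNEL:-0}" = 1 ] && exec $cmd
    return 0
}

main "$@"
```

With the authorized_keys restrictions in place, a stolen laptop key still only buys a path to that one RDP port, and the client's network never sees your machine's traffic beyond it.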

