> Does pfSense offer an alternative to the Juniper SSL VPN solutions ? <rant> It is unfortunate that Juniper seems to have somewhat subverted the meaning of the phrase "SSL VPN". IMO, the nomenclature indicates a VPN that uses SSL for its authentication and encryption as opposed to, say, IKE and ESP. It has nothing to do with whether the technology is browser-based or not. OpenVPN is a _very_ good SSL VPN implementation that requires no GUI components whatsoever, even though there are good GUI clients written for it.
Furthermore, the "clientless" VPN solutions reduce the operator's control over the endpoints, degrading the overall security of the system. Some solutions attempt mitigating controls, but you can't change the fact that you're allowing rather arbitrarily secured machines to utilize your resources. Of course, if you don't plan to vet the systems clients will be using (when issuing certificates or the like), that doesn't matter much. </rant> That said, pfSense does not offer what you are looking for. Your best bet to implement precisely that would probably be to purchase a solution like SSL Explorer (still cheaper than a Juniper) and run it on a dedicated machine in a DMZ off of pfSense with limited access in & out. RB --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
