
New VPN Portal: Increased safety where? General SSL VPN security questions

We now have the new VPN portal. Are there any advantages apart from it being "special hardened"?

Can I now let my WAN users provision the SSL VPN configs (without the whole internet being able to access the portal or try to log in)?

Is there any (still missing) possibility to ensure only my clients can download configs on trusted domain devices via VPN Portal?

When will Azure AD auth. be implemented in SSL VPN access?
Why is it not possible to use (already there) domain machine certs in SSL VPN configs for auth instead of firewall CA generated certs (which any new user will get)?



This thread was automatically locked due to age.
  • The VPN Portal offers the possibility to release it safely to the WAN (Internet). It was built to be accessible by actors. It will not cover the security of your users, so if your password is weak, it will not increase this kind of security.

    Your points are valid, but to be honest, ZTNA addresses all of those points right now. It supports Azure AD, it supports the installation only by the admin, as only the admin has access to the Installer, it supports Sync-sec through the Central Endpoint installer. 

    Azure ID support for sslvpn is still on the roadmap for future releases, but right now you could look into ZTNA as a valid solution for this kind of implementation. 


  • (Sophos) cloud services are and will be no solution for me (otherwise I wouldn't have bought my XGS appliances).
    I don't expect a full zero trust solution, just kinda "basics" for SSL VPN auth., like VPN portal access only for the Sophos Connect service (provisioning is absolutely sufficient, full portal access is not needed -> any workaround to prevent human access without preventing provisioning?) or Azure AD auth. (conditional access).

    "Azure ID support for sslvpn is still on the roadmap for future releases" -> does the roadmap have a date in sight?
