Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 11197 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client-less VPN on SG115 or 125

Steve Strickland

Soon, I'll be replacing an old Dell router at a client office with either the SG115 or 125.  I have 4 remote users.  They all have routers in their home office that I have configured for site-to-site persistent VPN connection.  This has allowed them instant RDP into virtual computers and instant access to mapped network drives.  It's worked for 3-4 years with very few problems.

Since I'm changing the router, this will change the dynamics of VPN.  The current remote people can remain the same.  I can setup site-to-site VPN for them so it's little disruption in how they operate.  For future remote users who have a workstation at home, and I'll have some future laptop users roaming around (sales people), I'm interested in client-less VPN.  The home users - I really don't want to have to buy them a new router and configure it.  I'd rather they just continue using whatever they have in their home.

I ask about client-less because my wife has a setup like that with her company.  She's 100% remote.  She basically turns her computer on, logs in, and has instant access to her mapped drives (all 8 of them).  She has access to her network applications and internal SharePoint - and she doesn't log into any VPN connection.  I've just never understood how that was setup but suspected it was clientless VPN.

So can the SG products do this?  For the home worker, I could easy get them a RED device and VPN pretty much sets itself up, but it might be hard to convince my client to purchase a $300 device for a single user working at home.  So, fo for the home workers - persistent VPN, low cost, and hands off for the employee (because they probably won't enjoy logging in daily - even though that should be enforced for security purposes).  Laptop workers - questionable, but I would probably just install the VPN client and make them log in.

Thanks for your replies...



This thread was automatically locked due to age.
  • +1

    Hey Seteve.

    You are probably talking about Microsoft's DirectAccess or something similar.

    Sorry, AFIK, nothing like that on UTM. You options with UTM are:

    - RED Device - expensive, but works as you wish. Be aware: if the connection to UTM fails, the RED device will start rebooting until the connection is restablished. It just won't function unless the communication with UTM is active. This means that if you have a WAN outage on the UTM side your remote users will have no internet connection at all in case the RED is their gateway. This is kind of a show stopper for me. It's probably cheaper to use a SG105 + Network Protection with IPSec or RED Tunnel to your central UTM. That way you can have best of both worlds. It will, however, require some setup and subscription renewal for the Network Protection.

    - SSL VPN - simple and free, but requires a client to be installed and users to connect to the VPN after logging in. You could setup the client to not ask for credentials and edit the startup entry to autoconnect, but the plain text password stuff bothers me a lot. If it's not a concern to you, it might be a solution.

    - HTML5 VPN - For some web applications or RDP it might be an option, but requires users to access the User Portal for remote access.

    Hope it helps.

    Regards - Giovani

  • 0 in reply to giomoda

    I read just about the same thing about the RED device and that just won't work in my case.  Imagine the UTM going offline at the HQ office and no Internet service for the remote user.  No thanks.

     

    Direct Access - never heard of that.  Thanks for the link.  I'll read up on that.

    The SSL VPN and setting to autostart would be okay for desktop users who work at home.  But I won't use that on laptop users.  I use the SSL VPN already for another client and all their laptop users.  Works great.

    Thanks for the reply....

  • 0 in reply to Steve Strickland

    Hi Steve,

    just for your information

    the RED has three different operational modes.

    The mode that you can apply ist standard/split where you define which traffic goes to the UTM at HQ.

    So that the Internet Service can work as usally.

    Best Regards

    DKNL

  • 0 in reply to DKKDG

    Hey DKNL.

    I don't think so. No matter the operation mode, if connection to the UTM is unavailable the RED device will reboot non-stop. It's how it forces the tunnel to restart. There's a feature request to change this behavior, but so far it hasn't changed. For now, no tunnel, no operation. I think they see it as a way to ensure the RED device is completely dependent of the UTM.  Although I don't agree, I understand the motivation.

    Regards - Giovani

Unfiltered HTML