We have Sophos firewalls and the VPN is kinda flaky. Not looking to replace the firewalls.
Is there a good solid VPN solution out there for end-user remote access to internal systems that we could use to replace that functionality in Sophos?
What VPN are you using with Sophos? You can do IPSec as well as OpenVPN. I have always had good luck with the OpenVPN.
OpenVPN is quite good. Check the OpenVPN Access Server for a self-hosted one, or the cloud offering. You can try it out with a free two-concurrent-user license.
OpenVPN if you're looking for open source (not too difficult to set up), Cisco ASA/FirePowers if you want/can afford support for AnyConnect.
We use Absolute Secure Access, fka Netmotion Mobility. It was extremely easy to implement: just stand up a couple of Windows servers, open a couple of ports on the firewall, and deploy the client. We’ve never had a problem with it in the 18 months we’ve been using it. We were previously using a combination of Fortigate VPN and Direct Access; this is 100x better for our situation.
I’ve never had an issue with the VPN and we used it for 2 years during the pandemic. What upload speeds do you have at the firewall end and how many people are using it simultaneously?
Transitioned to Zscaler and it’s been pretty solid.
I like the Zscaler ZPA solution. Easy to integrate into your IdP of choice for multi factor authentication. Easy to admin and lock down access to needed systems by identity.
If you’re looking to replace either the SSL VPN client or Sophos Connect, then I’ve used various OpenVPN clients which have all worked just fine. Any client that uses an OpenVPN connection config should do the job. Agreed on the flaky Sophos offering.
Sophos has SSL, L2TP and IPsec.
If you use SSL, it’s just an OpenVPN client. What functionalities are you looking for exactly?
I’ve used OpenVPN, Barracuda, and WatchGuard, and been happy with all of them.
Honestly, unless you NEED special advanced features, I’d start testing OpenVPN and see if it meets your needs. It’s free and reliable.
Tailscale! It’s a wrapper around WireGuard that handles setting it up and exchanging/cycling keys, plus it has solid ACL features baked in.
I moved away from OpenVPN Access Server when they jacked up the fees some huge amount, a pity as it was a good solution.
Now using Pritunl, which is another managed front end to OpenVPN. It is also fine.
You could also go with a plain old Cisco router running IOS-XE and deploy FlexVPN w/ IKEv2 client VPN auth. No need to pay for the salty AnyConnect Plus/Apex licensing.
Same, Netmotion has been rock solid.
I have gotten the impression that ZScalers are ridiculously expensive. Is that still the case?
Hmm, they really seemed to have raised prices. About 80% if I recall the previous pricing correctly.
About $125 per license last I heard. Not cheap, but works well and is very simple to manage.