Basically have a bunch of companies that are hybrid. All their file servers and stuff are on prem and they use NetExtender/AnyConnect or some other SSLVPN/IPsec to connect. Would it be a good idea to connect the on prem stuff to Azure then use Azure VPN to connect to on prem, or would that cost too much/waste too much time and we should just stay with the current model?
I think you need to define the problem you’re trying to solve before you even ask the question.
Use the Azure cost calculator to see how much the S2S VPN would cost you. If you intend on having users connect to Azure and then to the on prem resource you will also need a VPN gateway/user facing VPN.
If all of your resources are on prem, it makes sense to authenticate at the on prem firewall like you are currently doing.
I think you are approaching this problem backward. Maybe first see if it makes sense to move resources to the cloud, then if everything moves to the cloud you could downgrade your on prem hardware in future purchase cycles.
If you want to move towards cloud then you could start with migrating your files to SharePoint and Storage Accounts. For the other “stuff” it depends what you need.
You would still need a firewall for your locations. But you can move to cloud and use direct or S2S to access resources.
We use AzureVPN with SCEPman certificates deployed via Intune. Works a treat.
You can still use AzureVPN with a standard AzureAD cred login if you don’t want to roll with certificates.
There are different reasons to use each. The Azure VPN doesn’t have forced tunneling so it doesn’t protect your users’ traffic in a coffee shop or airport. It’s also probably a lot faster and more reliable than your existing connection. If you’re ponying up for an SSL cert then you could probably get the basic SKU of the VPNGW for less, but is that speed limit sufficient for your user pool?
I just want to see if it’d be cheaper, since we can maybe get rid of Cisco or SonicWall VPN and SSL cert costs, or would it be way more expensive? Also would like to move more towards the cloud.
The Fortinet FortiGates are cheaper than Cisco and support ACME Let’s Encrypt certificates, so if your intent is to set up SSL VPNs in client networks that’s an option. You can also centrally manage all the clients’ FortiGates through Fortinet’s cloud offering.
Another is to set up Windows CAs in each client network and have them issue user and device certificates, then set up the Azure VNet Gateway with certificate auth, trusting your internal CAs’ certificates. This option requires far more effort to set up and maintain, so will cost more in hourly consulting fees.