Velocity Reviews - Computer Hardware Reviews

Re: Does Cisco make a SSL VPN router, with a "simple" GUI config?

 
 
Peter
      10-18-2011

Doug McIntyre <(E-Mail Removed)> wrote

>Peter <(E-Mail Removed)> writes:
>>Doug McIntyre <(E-Mail Removed)> wrote
>>>I recommended Fortinet earlier. They do all three of these scenarios.
>
>>Can you suggest a product? Their website is highly opaque, with stupid
>>categories like 'big business', 'small business' etc.
>
>The FortiGate line is their all-in-one firewall/VPN solution.
>
>They just scale up from small to huge (ie. 40Gbps solutions).
>
>I think you've said you have a small office. I'd look at the FGT-60C
>or FGT-80C products. All the products act much the same, you are only
>buying capacity (or some higher end feature like LAPD/LAG
>capabilities, available on the 200B and up).
>
>There are extra add-on subscriptions for anti-virus/IPS/SPAM filter updates.
>Or just the bare "unbundled" box.
>
>I'd stay far away from the Fortigate 30. The 50B works alright, but is
>almost the same price as the 60C, and the 60C has much more capacity.


Many thanks. Looking at it now.

I need the basic router functions, port forwarding etc, plus

1) Site-site VPN (currently IPSEC/AES256 but it hardly matters how it
is done). This is used only with RDP or PC/Anywhere. Only 1 user at
any one time.

2) Remote-access VPN (currently PPTP; SSL would be good) with WinXP
and iOS (iPad) clients. Usage as above.

3) The ability to block incoming traffic to an SMTP email server (on
the internal LAN) except on about 5-6 IP ranges. The current Draytek
2900 manages this but only just, and configuring it is a real pig.

I don't need remote admin; in fact we disable it.

It does need to be rock solid reliable though.
 
Doug McIntyre
      10-18-2011
Peter <(E-Mail Removed)> writes:
>Doug McIntyre <(E-Mail Removed)> wrote
>>I'd stay far away from the Fortigate 30. The 50B works alright, but is
>>almost the same price as the 60C, and the 60C has much more capacity.


>Many thanks. Looking at it now.


>I need the basic router functions, port forwarding etc, plus


I think the Fortigates are the fullest feature set firewall/router on
the market. And they are fairly well priced for the market they are
going after. Plus, they have a pretty decent GUI (especially compared
to Cisco/Juniper in this area). It seems they just can't get their
name out there.

>1) Site-site VPN (currently IPSEC/AES256 but it hardly matters how it
>is done). This is used only with RDP or PC/Anywhere. Only 1 user at
>any one time.


Sure. The 60C does 100 VPN tunnels. You'd get bigger boxes if you need more.
(That is probably just a marketing limit to put in some limit; it'd
probably do more, although I've never had the opportunity for it.)

>2) Remote-access VPN (currently PPTP; SSL would be good) with WinXP
>and iOS (iPad) clients. Usage as above.


Yep, PPTP, L2TP over IPSec, SSLVPN, IPSec. Although PPTP is
deprecated, you have to set it up from the CLI instead of the GUI.
Same with L2TP for some reason (not sure why it isn't fully in the GUI).
WinXP and iOS clients are best with L2TP over IPSec. There's a tech
note about the few extra settings for iOS clients that wasn't in the manual.

They are trying to go for the auto-configure IPSec client setup
lately, although I still prefer the old-school set every little
parameter type setups myself.

>3) The ability to block incoming traffic to an SMTP email server (on
>the internal LAN) except on about 5-6 IP ranges. The current Draytek
>2900 manages this but only just, and configuring it is a real pig.


No problems here, firewall policy statements are thorough and feature
rich. Set up your address range objects, bind them in a group, one
policy is all that is needed. Rate limit per policy, IPS per policy.
Scheduling time-of-day per policy.

>I don't need remote admin; in fact we disable it.


Sure, click a button what management protocols you want per
interface. Turn it off and VPN in for access.

>It does need to be rock solid reliable though.


I've got dozens and dozens deployed. Some uptimes are in the 3 year+ range.

I would recommend a reboot/firewall update somewhat sooner than that though.

The only downside I think for the Fortigates is that the support
isn't all that great for them. But then again, Watchguard/Sonicwall/Symantec
support isn't all that great either. But I rarely need it either.
I've had one that had infant death with bad flash, and seen a couple
others that weren't mine die (but got replaced on maintenance). But
overall, I think real solid boxes.
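
As an added illustration (not part of either poster's message), the "address range objects, bind them in a group, one policy" approach to requirement 3 could look like this in FortiOS CLI. All object names, the policy ID, interface names and IP addresses are assumptions made up for the example; exact syntax can differ between FortiOS releases.

```fortios
# Constructed sample values: documentation IP ranges and hypothetical names.
# One address object per permitted sender range (repeat for each of the 5-6).
config firewall address
    edit "smtp-src-1"
        set subnet 198.51.100.0 255.255.255.0
    next
    edit "smtp-src-2"
        set subnet 203.0.113.0 255.255.255.128
    next
end

# Bind the ranges into one group so a single policy can reference them.
config firewall addrgrp
    edit "smtp-allowed-senders"
        set member "smtp-src-1" "smtp-src-2"
    next
end

# Port forward: public TCP/25 to the mail server on the internal LAN.
config firewall vip
    edit "vip-smtp"
        set extintf "wan1"
        set extip 192.0.2.10
        set mappedip 192.168.1.25
        set portforward enable
        set protocol tcp
        set extport 25
        set mappedport 25
    next
end

# The one accept policy: only the grouped ranges may reach the SMTP VIP.
# Policy ID 10 is assumed to be unused on this box.
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "smtp-allowed-senders"
        set dstaddr "vip-smtp"
        set action accept
        set schedule "always"
        set service "SMTP"
    next
end
```

SMTP connections from any other source match no accept policy and fall through to the implicit deny at the end of the policy list, so no explicit block rule is needed.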

 