Posted on 2011-03-15
Medium Priority
Last Modified: 2012-05-11
Nowadays vendors are marketing SSL products (Juniper, Sonicwall), claiming SSL is faster and more reliable than IPSec-based devices.

How far is it true?
On what technical grounds can we compare?
Or is it just a business need scenario?

Which way to go?
Question by:sportsboy

Accepted Solution

digitap earned 750 total points
ID: 35148944
from strictly the sonicwall perspective:

i don't know about reliable, but it seems easier to work with as the sonicwall ssl-vpn client (NetExtender) is easier to install than the fat client, GlobalVPN Client (GVC). also, you have the portal you can manage for different uses. you can launch a TS session, Citrix session, application, web site, etc. there are a lot of options. with the GVC, you simply get a VPN, which is a lot, but it's not what you get with the ssl-vpn.

as far as faster, the sonicwall appliances allow you to enable an ssl-vpn interface in addition to the GVC connections. in this case, it might not be faster. the sonicwall is doing a bunch of other stuff in addition to ssl-vpn. if you need speed and you have a lot of vpn clients, then i'd recommend an ssl-vpn appliance separate from the firewall. you don't have to have a sonicwall firewall to implement the ssl-vpn appliance.

for my clients, if i'm talking about 1-5 users, i typically enable the ssl-vpn appliance on their firewall. i do have a client where they require 20+ and vendor access. we purchased an ssl-vpn appliance for them. also, i create different portals based on connectivity requirements. it works really well.

hope that helps!

Expert Comment

ID: 35158584
SSL VPN client connections can typically traverse proxy servers and NAT connections.  This eliminates having to have the end user modify their router/firewall/proxy server.


Assisted Solution

decoleur earned 750 total points
ID: 35162286
The big difference between SSL VPN and IPSec VPN client access is the method used. SSL VPN typically uses a flavor of the same crypto that is associated with secure web browsing and, with many of the solutions, tunnels the traffic over TCP/443. IPSec, on the other hand, typically uses protocols other than TCP and needs to make special accommodations if going across a NAT device.

Most SSL VPN clients are easier to install than IPSec and can be used to connect securely without admin rights on a host. For example I have set up SSL VPN profiles that could provide access to corporate assets from kiosk machines in coffee shops if desired (FWIW- many additional controls were enabled to make sure the browser session was protected, no key loggers, active AV, and an encrypted browser cache that would be gibberish to prying eyes later). All of those features were extensions of the SSL VPN solution but would not be available with the IPSec solution.

I think one of the real differentiators is that the SSL VPN solution can provide a portal that allows access to very specific resources. Click a link for a protected web page and you are on it; select an RDP session with an internal host and you get an applet that runs the remote desktop in the browser window. As has been previously stated, that portal can be customized to the user or their group association.

I have heard mumblings that IPSec VPN client access will be phased out in favor of the SSL VPN client solutions but that IPSec will still be around for site to site and site to multi-site connections.

But what it boils down to is: do you want to manage another piece of software on your users' hosts, or give them another URL that provides a customized secure access solution?

There might be something to the hype, but don't take my word for it; give it a try.

hope this helps,
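
To make the transport difference discussed in the answers above concrete, here is an added example (not part of any post in this thread) that classifies packets the way a firewall or NAT device sees them. The IPsec port and protocol numbers and the UDP/4500 demultiplexing rules come from the IPsec NAT-traversal standards (RFC 3947/3948), not from this page, and the sample packets are constructed.

```python
import struct

# IANA IP protocol numbers
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 6, 17, 50

def classify_natt(payload):
    """Demultiplex UDP/4500 traffic as described in RFC 3948."""
    if payload == b"\xff":
        return "natt-keepalive"          # one 0xFF byte keeps the NAT mapping alive
    if len(payload) >= 4 and payload[:4] == b"\x00" * 4:
        return "ike-in-udp"              # 4-byte non-ESP marker precedes the IKE header
    if len(payload) >= 8:
        return "esp-in-udp"              # starts with a non-zero SPI + sequence number
    return "malformed"

def classify_tls(payload):
    """Check for a TLS record header: type(1) version(2) length(2)."""
    if len(payload) >= 5:
        ctype, major, _minor, _length = struct.unpack("!BBBH", payload[:5])
        if major == 3 and ctype == 0x16:
            return "tls-handshake"
        if major == 3 and ctype == 0x17:
            return "tls-appdata"
    return "tcp443-other"

def classify(ip_proto, dst_port, payload):
    """Return (label, note) for one outbound VPN client packet."""
    if ip_proto == IPPROTO_ESP:
        # Native ESP has no port fields, so a port-translating NAT cannot track it.
        return "ipsec-esp", "no ports: needs NAT-T or ESP passthrough"
    if ip_proto == IPPROTO_UDP and dst_port == 500:
        return "ipsec-ike", "UDP/500 must be allowed outbound"
    if ip_proto == IPPROTO_UDP and dst_port == 4500:
        return classify_natt(payload), "UDP/4500 must be allowed outbound"
    if ip_proto == IPPROTO_TCP and dst_port == 443:
        return classify_tls(payload), "same path as ordinary HTTPS"
    return "other", ""

# Constructed sample packets: (ip_proto, dst_port, first payload bytes)
SAMPLES = [
    (IPPROTO_ESP, 0, struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16),
    (IPPROTO_UDP, 500, b"\x11" * 28),
    (IPPROTO_UDP, 4500, b"\x00" * 4 + b"\x11" * 28),
    (IPPROTO_UDP, 4500, struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16),
    (IPPROTO_UDP, 4500, b"\xff"),
    (IPPROTO_TCP, 443, b"\x16\x03\x01\x00\x05hello"),
]

def labels():
    return [classify(*s)[0] for s in SAMPLES]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(*sample))
```

Only the last sample rides on a port that egress firewalls and proxies normally already permit; every IPsec variant needs its own rule or NAT-traversal support.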


Author Closing Comment

ID: 35349793
at least something
