<div>
There's not enough information here.<br />
<br />
Is it MPLS between offices over a private link with an internet gateway somewhere, is it 3 offices with seperate internet connections, with MPLS tunnelled over the internet?
</div>


<div>
believe its this: 3 offices with seperate internet connections, with MPLS tunnelled over the internet, with centralised breakout to the web from the core.
</div>


<div>
There are a few valid views on this. &nbsp;<br />
<br />
In my opinion, firewalls are not needed, although you know your network setup better than I do. &nbsp;<br />
<br />
MPLS is just a big VPN-like network. &nbsp;You can have MPLS into your office and not need a firewall because everything is tunneled through the MPLS and there is no local internet connectivity to your network. &nbsp;This is how I've seen it done in most places. &nbsp;THe MPLS is usually terminated by a Cisco 2900 and it is set such that all traffic is routed down the MPLS. &nbsp;No firewall (between network and Internet) needed on site. &nbsp;Just a correctly configured router. &nbsp;Multiply this by 3. &nbsp;<br />
<br />
You DO need a firewall at the MPLS core breakout to the Internet. &nbsp;This is where you would have whatever VPN/firewall technology you prefer. &nbsp;<br />
<br />
As it is a single endpoint, licensing should be simpler than having a firewall at each site. &nbsp;<br />
<br />
This of course is based upon the idea that the three networks are trusted and you don't need to firewall between them.
</div>


<div>
I agree, which is why we are looking at centrlaising the firewalls with MPLS.
</div>


<div>
<div class="content wysiwyg-content">
Hello<br />
We are running cisco cloud websecurity (anyconnect client) and old cisco VPN client (currenlty v5) which is EOL and a PITA with Win8+, but works. &nbsp;The thick VPN client software is managed by us and the firewalls are managed by a 3rd party. &nbsp;<br />
<br />
We are looking at migrating from IPSec VPN for our sites (3) to MPLS. &nbsp;So far the firewalls proposed are cisco or fortinet. &nbsp;I have no preferance currently, but would like to keep CWS..<br />
<br />
Im unsure how the fortinet VPN client (thick and thin (SSL)) works, can we point clients from the web into the firewalls in the MPLS core back to our on-prem AD for authentication? &nbsp;Can we use SSL and thick VPN clietns at the same time on the same firewall(s)? &nbsp; Also, how good is the VPN client compared to the cisco anyconnect?<br />
<br />
Regarding the CIsco, can we use SSL and thick client (anyconnect right?) and also integrate both VPN &amp;&nbsp;CWS in anyconnect (labelled umbrella?)? &nbsp;What are the licencing options? <br />
<br />
Any info would be great.<br />
Thanks
</div>
</div>


Hello
We are running cisco cloud websecurity (anyconnect client) and old cisco VPN client (currenlty v5) which is EOL and a PITA with Win8+, but works.  The thick VPN client software is managed by us and the firewalls are managed by a 3rd party.  

We are looking at migrating from IPSec VPN for our sites (3) to MPLS.  So far the firewalls proposed are cisco or fortinet.  I have no preferance currently, but would like to keep CWS..

Im unsure how the fortinet VPN client (thick and thin (SSL)) works, can we point clients from the web into the firewalls in the MPLS core back to our on-prem AD for authentication?  Can we use SSL and thick VPN clietns at the same time on the same firewall(s)?   Also, how good is the VPN client compared to the cisco anyconnect?

Regarding the CIsco, can we use SSL and thick client (anyconnect right?) and also integrate both VPN & CWS in anyconnect (labelled umbrella?)?  What are the licencing options? 

Any info would be great.
Thanks

Cisco Anyconnect &amp; VPN client

Fortinet

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.

Software

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Cisco Anyconnect &amp; VPN client

Cisco Anyconnect & VPN client