Cisco AnyConnect & VPN client

We are running Cisco Cloud Web Security (AnyConnect client) and the old Cisco VPN client (currently v5), which is EOL and a PITA with Win8+, but works. The thick VPN client software is managed by us and the firewalls are managed by a 3rd party.

We are looking at migrating from IPSec VPN for our sites (3) to MPLS. So far the firewalls proposed are Cisco or Fortinet. I have no preference currently, but would like to keep CWS.

I'm unsure how the Fortinet VPN client (thick and thin (SSL)) works. Can we point clients from the web into the firewalls in the MPLS core back to our on-prem AD for authentication? Can we use SSL and thick VPN clients at the same time on the same firewall(s)? Also, how good is the VPN client compared to the Cisco AnyConnect?

Regarding the Cisco, can we use SSL and thick client (AnyConnect, right?) and also integrate both VPN & CWS in AnyConnect (labelled Umbrella?)? What are the licensing options?

Any info would be great.

There's not enough information here.

Is it MPLS between offices over a private link with an internet gateway somewhere, or is it 3 offices with separate internet connections, with MPLS tunnelled over the internet?

FortiGate supports IPSec and SSL VPN. You may use Cisco AnyConnect itself to connect to the FortiGate using IPSec. SSL VPN supports Web and Tunnel mode. For tunnel mode you have to install FortiClient. FortiClient comes with IPSec and SSL VPN clients built in. We are using FortiClient and it is working smoothly without any issues.
FortiGate VPN can be easily integrated with AD for authentication.
For detailed setup details, refer to the videos at

Good Luck!

CHI-LTD (Author) Commented:
Believe it's this: 3 offices with separate internet connections, with MPLS tunnelled over the internet, with centralised breakout to the web from the core.

There are a few valid views on this.

In my opinion, firewalls are not needed, although you know your network setup better than I do.  

MPLS is just a big VPN-like network. You can have MPLS into your office and not need a firewall because everything is tunneled through the MPLS and there is no local internet connectivity to your network. This is how I've seen it done in most places. The MPLS is usually terminated by a Cisco 2900 and it is set such that all traffic is routed down the MPLS. No firewall (between network and Internet) needed on site. Just a correctly configured router. Multiply this by 3.

You DO need a firewall at the MPLS core breakout to the Internet.  This is where you would have whatever VPN/firewall technology you prefer.  

As it is a single endpoint, licensing should be simpler than having a firewall at each site.  

This of course is based upon the idea that the three networks are trusted and you don't need to firewall between them.
CHI-LTD (Author) Commented:
I agree, which is why we are looking at centralising the firewalls with MPLS.