Appliance based reliable cost-effective VPN solution for small business (up to 30 concurrent connections)

Looking for cost-effective, appliance-based VPN solutions (preferably clientless) for small business.
Thoughts/ideas/recommendations?

We have a number of small clients for which we have been using the Netgear FVS-336s with a lot of success, but Netgear is no longer supporting it.
Some users remain connected for as much as 8-10 hours per day.

Thanks!
Asked by: LICOMPGUY
1 Solution
 
Blue Street Tech (Last Knight) commented:
Hi LICOMPGUY,

By the phrase "clientless," I'm assuming you are wanting a C2S (Client-to-Site) VPN, correct?

I'd recommend SonicWALL. It is not just about providing good VPNs but also about providing great security. The only truly clientless option is an SSL-VPN (clientless version; there are three flavors of SSL-VPN), though they are limited and are typically used to provide access to an application. If you are worried about management, SSL-VPN clients are easy to deploy in SonicWALL. You can centrally deploy them by Group Policy or, even better, a Virtual Office space (https://<firewall_public_ip>:4433), basically a site hosted on the security appliance where a VPN user logs in and automatically gets the client downloaded, with no configuration needed except for the user's credentials, domain, and 2FA if enabled (which I'd recommend).

Now in terms of your requirement of 30 concurrent IPsec tunnels... you could get a SonicWALL TZ300, which would provide the ability to have 50 SSL-VPN tunnels.

Are you positive on that number (30)? The NETGEAR FVS336s that your customers use maxes out at 25 IPsec tunnels, not to mention those devices are superannuated and impotent at stopping today's current threat landscape. It was running on 1996 technology (Stateful Packet Inspection), which is why they have discontinued their entire business segment: they can't keep up. A security baseline is to inspect every packet (unencrypted & encrypted) that comes through the network. NETGEAR currently can't, even with their latest products, and most other providers either can't or fail open for the traffic they cannot inspect. SonicWALL is one of the few vendors that can inspect all traffic & is currently the only vendor capable of running RTDMI (Real-Time Deep Memory Inspection), which can stop Spectre & Meltdown exploits before they reach the vulnerable hardware in question. Ransomware & zero-day attacks can also be stopped at the gateway. It is definitely time to upgrade to protect your clients from today's threats.

Let me know if you have any other questions!
LICOMPGUY (Author) commented:
Thanks so much for the detailed response. I was very impressed with what we saw from SonicWALL, but was a little concerned since they parted ways with Dell. But I guess they aren't going anywhere.

Definitely not sufficient protection with the FVS any longer, with everything that is going on with ransomware especially.

What more can you tell me about the Virtual Office space set up - it would be awesome if we don't have to deal with client configs.
Is it pretty seamless with Windows 7, 10 even Mac - would you know?

What we're doing is the users would establish the tunnel, then execute a login script so they would get their drive mappings and be able to access network shares. Do you think we can still accomplish this?

Can't thank you enough for your answer.  As for the 30 concurrent, I did go a bit high, just to allow room.

Thanks so much
Blue Street Tech (Last Knight) commented:
Don't worry about the Dell deal; it was good for both parties. Dell was forced to liquidate most of their previously larger acquisitions in order to form one of the biggest acquisitions in tech history... with EMC.

What more can you tell me about the Virtual Office space set up - it would be awesome if we don't have to deal with client configs.
The Virtual Office portal is the website that users log in to in order to launch NetExtender & bookmarks. It can be customized to match any existing company website or design style, and it is also a launching point for other services, aka bookmarks. You can run the following in bookmarks:
• RDP (HTML5-RDP)
• SSHv2 (HTML5-SSHv2)
• TELNET (HTML5-TELNET)
• VNC (HTML5-VNC)

Users are not able to delete or modify bookmarks created by the admin. Bookmarks launch virtualized services from the appliance that connect to servers/workstations on the LAN through the SSL-VPN tunnel (application mode) separate from NetExtender.

Is it pretty seamless with Windows 7, 10 even Mac - would you know?
I'm assuming you are talking about the SSL-VPN and not the Virtual Office, but regardless, both are compatible with Windows, Mac OS X, Android, iOS & Linux.

What we're doing is the users would establish the tunnel, then execute a login script so they would get their drive mappings and be able to access network shares. Do you think we can still accomplish this?
Most definitely! In fact, NetExtender has this capability built in, called Connection Scripts. It provides the ability to run batch file scripts when NetExtender connects & disconnects. The scripts can be used to map or disconnect network drives & printers, launch applications, or open files or websites. NetExtender Connection Scripts can support any valid batch file commands. This would require touching machines, though, since the Connection Scripts reside locally on the machine, but it is a one-time configuration. If you have Group Policy it would be preferred in terms of centralized management.
LICOMPGUY (Author) commented:
So if you were to implement this, only needing to establish the tunnel (preferably clientless), meaning we don't have to install a client on every user's laptop or home PC, and once the tunnel is open they can execute a login batch file to access files on servers in the office, which way would you go?
Thanks again!
Definitely going to go this route.
LICOMPGUY (Author) commented:
Thanks so much for your help!
Blue Street Tech (Last Knight) commented:
Let me help clarify. Bookmarks through the Virtual Office are clientless. For user-based device access like desktops/laptops, smartphones, etc., they would use a client such as NetExtender and/or Mobile Connect; however, both are self-service, so no admin management or configuration is required. Here is how it would play out.

If a user requires remote access to the network, you'd simply tell them to go to https://firewall_ip:4433, and once they get there they will be prompted to enter their credentials. Once they do, NetExtender will automatically download and install onto their machine. Then they connect to your network and access whatever resources you want them to have access to.

Now in terms of login scripts you can handle it a few different ways depending on your resources. If you are in a domain environment and have access to Group Policy I'd map them that way. Otherwise, you would have to touch each client machine once. For example, you would create a batch file that would have to be manually entered into the Connection String within each NetExtender client.
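As an added example (not code from this thread, from SonicWALL, or from NetExtender's documentation), this is the kind of batch file the Connection Scripts feature described in the two answers above would run when the tunnel comes up and again when it drops. The file server name fs01.corp.example, the share and printer names, the drive letters, and the convention of passing "connect" or "disconnect" as the first argument are all assumptions; if NetExtender's connect and disconnect script entries do not pass an argument, save the two halves as two separate files instead.

```batch
@echo off
rem Added example of a NetExtender-style connection script. Server, share,
rem printer and drive-letter names below are assumptions for illustration.
rem Usage (assumed): vpn-drives.bat connect   or   vpn-drives.bat disconnect
setlocal EnableExtensions

rem Assumed internal FQDN of the office file server.
set "FILESERVER=fs01.corp.example"
set "LOGFILE=%TEMP%\vpn-drives.log"

if /i "%~1"=="disconnect" goto :disconnect

:connect
rem Fail fast instead of hanging Explorer if the tunnel is not passing traffic yet.
ping -n 1 -w 2000 %FILESERVER% >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% %FILESERVER% unreachable, no drives mapped>>"%LOGFILE%"
    endlocal
    exit /b 1
)

rem No /user: or password here on purpose: the mapping uses the logged-on
rem user's domain credentials (or Windows prompts for them on a non-domain
rem home PC), so nothing secret ever lives in this file on the laptop.
call :map S \\%FILESERVER%\Shared
call :map U \\%FILESERVER%\Users\%USERNAME%

rem Network printers attach the same way; printui is built into Windows.
rundll32 printui.dll,PrintUIEntry /in /n "\\%FILESERVER%\Office-Printer" /q
endlocal
exit /b 0

:disconnect
rem Remove the mappings so stale UNC paths do not hang Explorer after the VPN drops.
net use S: /delete /y >nul 2>&1
net use U: /delete /y >nul 2>&1
echo %DATE% %TIME% drives unmapped>>"%LOGFILE%"
endlocal
exit /b 0

:map
rem %1 = drive letter, %2 = UNC path. Clear any stale mapping first, then map
rem with /persistent:no so Windows does not try to reconnect it at next logon
rem while the tunnel is down.
net use %1: /delete /y >nul 2>&1
net use %1: %2 /persistent:no >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% failed to map %1: to %2>>"%LOGFILE%"
) else (
    echo %DATE% %TIME% mapped %1: to %2>>"%LOGFILE%"
)
goto :eof
```

Point the NetExtender connect script at the "connect" invocation and the disconnect script at the "disconnect" one. The two design choices worth keeping even if you rewrite it: never store credentials in the script, because it sits unencrypted on every user's machine, and always map with /persistent:no plus an explicit unmap on disconnect, so a laptop that leaves the VPN does not keep trying to reach internal names from a hotel network.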
Blue Street Tech (Last Knight) commented:
Glad I could help...and thanks for the points!