Is it better to implement a VPN in a Firewall or at the server? Give reasons. I am new to this area but it fascinates me. What are benefits of it being implemented at the server? What are benefits of it being implemented at the Firewall?
George
Is it better to implement a VPN in a Firewall or at the server? Give reasons. I am new to this area but it fascinates me. What are benefits of it being implemented at the server? What are benefits of it being implemented at the Firewall?
George
When you phrase it like that, it sounds like a homework assignment. We don't do people's homework for them.
What have you decided so far, and what points have you thought of but do not know yet how to resolve? For the points you do not know how to decide as yet: Give reasons.
It's better to terminate VPN's at the firewall appliance or a VPN concentrator, than at a "server".
We always require users to use one use/password for the VPN and another user/password for their "server" access. This means that they have to provide two different forms of authentication to make a connection.
Additionally, by terminating the VPN at the firewall we can restrict what ports hit the LAN side of the network - as an example, for IT Department VPN's we might allow all IP/Ports, while remote workers might be limited to 3389 and the IP of the terminal server.
If you properly terminate the VPN users, then restrict their access, there is little chance that your server will get exploited/compromised through the vpn connection attempts.
There is no generic answer to that question. What are you trying to achieve? And what are you using to implement that VPN?
cu
59cobaltCabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.