Is it better to implement a VPN in a Firewall or at the server?

Is it better to implement a VPN in a Firewall or at the server? Give reasons. I am new to this area but it fascinates me. What are benefits of it being implemented at the server? What are benefits of it being implemented at the Firewall?



When you phrase it like that, it sounds like a homework assignment. We don't do people's homework for them.

What have you decided so far, and what points have you thought of but do not know yet how to resolve? For the points you do not know how to decide as yet: Give reasons.

Walter Roberson

It's better to terminate VPNs at the firewall appliance or a VPN concentrator than at a "server".

We always require users to use one user/password for the VPN and another user/password for their "server" access. This means that they have to provide two different forms of authentication to make a connection.

Additionally, by terminating the VPN at the firewall we can restrict what ports hit the LAN side of the network - as an example, for IT Department VPNs we might allow all IP/Ports, while remote workers might be limited to 3389 and the IP of the terminal server.

If you properly terminate the VPN users, then restrict their access, there is little chance that your server will get exploited/compromised through the VPN connection attempts.

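The per-group restriction described in the answer above, modelled as a first-match, default-deny filter. This is an added example, not part of the original thread and not any firewall's own configuration syntax; the address pools, terminal server IP and rule names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed addressing (assumption): one VPN address pool per user group.
IT_POOL = ip_network("10.8.1.0/24")              # IT department VPN clients
REMOTE_POOL = ip_network("10.8.2.0/24")          # remote-worker VPN clients
ANY = ip_network("0.0.0.0/0")                    # "all IP/Ports"
TERMINAL_SERVER = ip_network("192.168.10.20/32") # hypothetical terminal server


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network              # VPN pool the tunnel assigned the client from
    dst: IPv4Network              # LAN-side destination
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and self.dport in (None, dport))


# Policy applied on the firewall's LAN side, after the VPN has been terminated.
RULES = [
    Rule("it-any", IT_POOL, ANY),
    Rule("remote-rdp", REMOTE_POOL, TERMINAL_SERVER, "tcp", 3389),
]


def decide(src, dst, proto, dport, rules=RULES):
    """Return (verdict, rule name). First match wins; unmatched traffic is dropped."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return ("accept", rule.name)
    return ("drop", "default-deny")


if __name__ == "__main__":
    flows = [  # constructed sample flows: (source, destination, protocol, port)
        ("10.8.1.5", "192.168.10.7", "tcp", 22),
        ("10.8.2.9", "192.168.10.20", "tcp", 3389),
        ("10.8.2.9", "192.168.10.20", "tcp", 445),
        ("10.8.2.9", "192.168.10.7", "tcp", 3389),
    ]
    for flow in flows:
        print(flow, "->", decide(*flow))
```

The last two flows are dropped: a remote worker reaching the terminal server on a port other than 3389, and a remote worker reaching any other LAN host, never get past the firewall to the server.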

There is no generic answer to that question. What are you trying to achieve? And what are you using to implement that VPN?


Ansgar -59cobalt- Wiechers