The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

  • @IHawkMike
    link
    English
    66 months ago

    Sure IPsec with IKEv2 is preferred, but SSL VPNs at least as a fallback will never go away unless it becomes commonplace for outbound firewall rules to allow udp/500 (which I don’t ever see happening).

    The way I’m set up is to have Windows AoVPN connect to my Fortigate w/ IPsec automatically. Then if that doesn’t work due to outbound rules (which is more often lately than it used to be) and I need to connect back to HQ, I manually fire up Forticlient.