Wednesday, May 29, 2019

Need Advice for a good VPN Client for my company (1000 users)

My company currently purchased Meraki across the board, for switches and firewalls in every site (China, Australia, UK, US). 6 buildings in total across the world. They were using non-standard, sub-par equipment until they standardized each building.

Now that we have Merakis, we are trying to upgrade our VPN clients for people to work remotely and still access resources in our main buildings. Each building that needs access to each other has a P2P tunnel already, so inside our network there are no issues.

However, outside the network it's still anybody's guess. We're using Pulse (a very old crappy version, no one likes it) to access the UK and US, and have nothing implemented for the rest of the networks.

Now when we went to set up the Merakis for VPN client access, we noticed that Meraki doesn't have a software client to create its own VPN adapter. You have to go to Windows or Mac and create a connection using the native OS settings. This brought up a very bad issue with our clients not split-tunneling traffic. While there IS technically a way around this and you can run a script to add these split tunnel fixes, my boss is looking for a piece of software that will work with the Meraki VPN settings.

The software he wants should do the following:

Have multiple profiles that we can import in order to set up different building configs easily.

Allow Split-Tunneling (obviously, standard practice here)

Officially supports Meraki hardware.

Works and looks the same on both Mac and PC.

We are aware that Meraki supports ASAs. And while that is a solution, that will tend to be a very expensive solution, as you need to buy licenses for each user that will be connecting to each building. So if you have 1000 users and all of them are connecting to each building (not a realistic example, I know, but this is for the sake of numbers), you will need 6000 licenses in total, which will get very expensive as you have to update your license support every year. So we're looking for alternatives.

If anyone has any suggestions, I'm all ears. I've already been suggested pfSense, and am frankly turned off by the fact that it's freeware with the option to buy support. But if their support is good I would be open to that.

Thanks for everyone's help and your time!!
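
The script workaround the post mentions for the native Windows client could look like the following, with one split-tunnel profile per building. This is an added example, not part of the original post: the profile names, hostnames and subnets are constructed placeholders, and the L2TP/IPsec pre-shared key with PAP settings are an assumption about how the Meraki client VPN is configured.

```powershell
# Added example: per-building split-tunnel profiles for the built-in Windows VPN client.
# Profile names, server hostnames and subnets are constructed placeholders.
$sites = @(
    @{ Name = 'VPN-US'; Server = 'vpn-us.example.com'; Routes = @('10.10.0.0/16') },
    @{ Name = 'VPN-UK'; Server = 'vpn-uk.example.com'; Routes = @('10.20.0.0/16', '10.21.0.0/24') }
)

foreach ($site in $sites) {
    # Prompt for the pre-shared key so it is never stored in the script or in source control.
    $secure = Read-Host -Prompt "Pre-shared key for $($site.Name)" -AsSecureString
    $psk = [System.Net.NetworkCredential]::new('', $secure).Password

    # Remove any existing profile of the same name so reruns converge on one known state.
    if (Get-VpnConnection -Name $site.Name -ErrorAction SilentlyContinue) {
        Remove-VpnConnection -Name $site.Name -Force
    }

    # Assumption: the gateway expects L2TP/IPsec with a PSK and PAP inside the IPsec tunnel.
    # -SplitTunneling stops Windows from installing a default route over the VPN adapter.
    Add-VpnConnection -Name $site.Name -ServerAddress $site.Server `
        -TunnelType L2tp -L2tpPsk $psk `
        -AuthenticationMethod Pap -EncryptionLevel Optional `
        -SplitTunneling -Force

    # Only these prefixes are routed through the tunnel once the profile connects.
    foreach ($prefix in $site.Routes) {
        Add-VpnConnectionRoute -ConnectionName $site.Name -DestinationPrefix $prefix
    }

    # Verify the result instead of trusting the calls above: a profile that silently
    # falls back to full tunneling, or lacks a route, is the failure this guards against.
    $conn = Get-VpnConnection -Name $site.Name
    $installed = @($conn.Routes | ForEach-Object { $_.DestinationPrefix })
    $missing = @($site.Routes | Where-Object { $_ -notin $installed })
    if (-not $conn.SplitTunneling -or $missing.Count -gt 0) {
        Write-Warning "$($site.Name): split tunneling off or routes missing: $($missing -join ', ')"
    } else {
        Write-Output "$($site.Name): split tunnel with $($installed.Count) route(s)"
    }
}
```

With split tunneling on, traffic to any prefix not listed leaves through the user's local network, so the route list is also the boundary of what the site firewall can inspect.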


