Currently we are utilizing F5 Edge Client for SSL VPN. For the longest time we were full tunneling, but our VP eventually forced our hands to go split-tunnel (I know all the security risks, yes, I know full is better but that isn't a discussion).
On our F5, I have it enabled to not allow local DNS servers so it forces it through our Infoblox DNS. Our management, however, wants to add another layer of security. I only have really basic knowledge about Umbrella and Infoblox having DNS threat protection.
I am curious how those who are using those products or similar are handling it, and with what products. Our primary requirement is that no matter where they are connected, they are always using our DNS for resolution and not Google or whatever. We know that with some products you have to install a client locally on the machine. We want to make sure we have a product that locks it down and that some smart developer or googler can't find a way to disable it.
We currently use Check Point, but are wanting to move to Palo Alto and prefer it. I hate Cisco ASAs/Firepower with a fury powered by 1000 suns, and the word AnyConnect was brought up and I shuddered. However, I am trying to keep an open mind and am willing to hear the pros and cons of it.
Just curious to see what people are using today, how you are using it and what has and hasn't worked.