Thursday, November 5, 2020

Need recommendation for VPN software

We're looking to move our AWS workload behind private IP, instead of BeyondCorp-style HTTP gateway.

We have the following requirements for VPN that would allow user access:

  1. Our sibling company uses Pulse Secure, so this must not be Pulse Secure, as some people would need to have 2 VPNs on at the same time. We have no control over the sibling company's networking.
  2. I believe we need to move our network to IPv6, as most private ranges are probably in use by the sibling company. So, the VPN software should be able to tunnel IPv6 traffic (but connect over IPv4).
  3. Support macOS, Linux and Android
  4. Group ACLs that allow a user to be in multiple groups (e.g. group A can access services i and j, but Mr. B in that group can also access service k)
  5. Authentication with Google Account, or Certificate/User account plus 2FA
  6. We might implement device trust in the future, so having that available or in their roadmap is a big plus
  7. Only carry private traffic, no DNS/TLS eavesdropping
  8. Cloud-based would be nice, otherwise must be AWS compatible

Management wouldn't approve the HTTP gateway-style like Cloudflare Access or Pomerium, only ones that would feel like a traditional VPN from the client side.

From the list I believe Zscaler Private Access fits most of it, but I'm not sure about IPv6 support, and Linux support is non-existent at this time.
