Remote Working With SSL VPN

Watchguard Security Logo

Remote Working With SSL VPN

Recent events have forced a lot of workers to work from home, but which one is the most secure and easy to use?

Today we’re looking at SSL and will overview the following:

  • Security
  • Ease of Use
  • Portability
  • Performance

Security

SSL is highly secure but not as secure as using an IPSec based VPN due to the inability to incorporate multi-layer encryption, as a result, an attacker only needs to know the Public IP address and the client login details.

The connection itself is protected by TLS encryption so its just the lack of multi-layer which is a risk and you do have the option to incorporate WatchGuard AuthPoint to utilise Multi-Factor Authentication.

Ease of Use/Configuration

Unlike IKEv2 the SSL VPN requires a separate application which can be obtained by going to the public IP address of the Firebox and logging in with either the Active Directory / LDAP credentials or using a local user stored on the Firebox.

Step 1

Define the Public IP the VPN will establish to and specify the DHCP pool.

You can configure split tunnelling and specific resources users can access if it’s required.

Security Remote Working With SSL VPN

Step 2

Select the authentication server you wish to use along with any local users you may have configured.

Configuration Remote Working With SSL VPN

Step 3

Specify any Authentication or Encryption settings you wish to use along with any specific DNS servers you wish the users to use.

Advanced Remote Working With SSL VPN

Step 4

You can either push the client out via Group Policy if using a Windows Domain or you can instruct users to navigate to https://Firewall IP / DNS/sslvpn.hmtl where they can log in with there user credentials and download the most relevant client for their OS.

Login Remote Working With SSL VPN
platform Remote Working With SSL VPN

Step 5

Once installed the users can then login to the SSL connection.

Firewall Firebox Remote Working With SSL VPN

Portability

One advantage of using SSL VPN is that it uses TCP Port 443 for authentication and to form the tunnel so any network that doesn’t decrypt HTTPS traffic it will just work with no issues.

However, if there is any form of Content Inspection – Protocol Enforcement or Application Control which blocks OpenVPN software this could cause the VPN to not establish.

Performance

Typically SSL VPN has a heavy impact on speed and performance due to it relying on using TCP meaning every packet needs an acknowledgement.

For latency-sensitive applications like VoIP or if raw speed is required for file transfers this may not be the best option for you.

If you would like to get in touch with any further questions about this article or any other technical enquiry, please contact us on +44 (0) 1488 647 647

Author: Alex Claro – Solutions Architect Team Lead at Purdicom (CCNP, CWNA). To read this article and more by Alex on LinkedIn check here:  https://www.linkedin.com/in/alex-claro/detail/recent-activity/posts/  

Tags: