Friends, a question, why is it better for remote connections, to apply the vpn ipsec and not the ssl configuration?
To the best of my knowledge, IPsec has never been cracked yet. Whereas all of the recent serious firmware issues were related to openssl 'glitches', thus SSLVPN.
On top of that, I'm not fond of proxies, as they might be written to support a lot of features, or not so many. So, using SSLVPN would only be comparable to IPsec if used in full tunnel mode.
But then, the configuration of an IPsec VPN takes no more effort than setting up an SSLVPN.
And both types are handled by the FortiClient. For the enduser, no difference.
For home circuits, probably this is not a concern. But if you connect from somewhere else like hotel rooms, restaurants, and other public places, IPsec VPNs are sometimes blocked. By default FGT SSL VPN uses TCP 443, same as HTTPS, so it would be never blocked.
Toshi
And generally IPSec has less overhead since it works at Layer3 while SSL VPN has more overhead since it works at application layer above TCP/IP stack.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.