Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

remote connections

Friends, a question, why is it better for remote connections, to apply the vpn ipsec and not the ssl  configuration?

 

 

3 REPLIES 3
ede_pfau
SuperUser
SuperUser

To the best of my knowledge, IPsec has never been cracked yet. Whereas all of the recent serious firmware issues were related to openssl 'glitches', thus SSLVPN.

 

On top of that, I'm not fond of proxies, as they might be written to support a lot of features, or not so many. So, using SSLVPN would only be comparable to IPsec if used in full tunnel mode.

But then, the configuration of an IPsec VPN takes no more effort than setting up an SSLVPN.

 

And both types are handled by the FortiClient. For the enduser, no difference.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Toshi_Esumi
SuperUser
SuperUser

For home circuits, probably this is not a concern. But if you connect from somewhere else like hotel rooms, restaurants, and other public places, IPsec VPNs are sometimes blocked. By default FGT SSL VPN uses TCP 443, same as HTTPS, so it would be never blocked.

Toshi

Toshi_Esumi

And generally IPSec has less overhead since it works at Layer3 while SSL VPN has more overhead since it works at application layer above TCP/IP stack.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors