[isapros] SSL VPN and ISA
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Tue, 7 Nov 2006 13:59:20 -0500
No joy on the ISA list. Anyone have SSL VPN appliances in their
environment and had to decide how to treat those users within ISA yet? I
need to decide what the best practice should be for these types of
connections. My inclination is to treat them like any other VPN and keep
them separate from the rest of the network by only allowing a minimum of
access but soon this site will start using the SSL VPN for branch office
connection and that throws a wrench into my plan.
Should I let them into the LAN?
Should I create a DMZ for them?
The SSL VPN Appliance that I've got to deal with is Positive Networks.
It's currently being used to publish a database application and keeps
users to only that app. It does quarantine the workstations and inspect
them for anti-virus software and service pack level; after that they are
assigned an IP address range that is unique to users coming in through
SSL VPN. This product is a competitor of Whale, near as I can tell and
now that Microsoft has entered this realm we're all going to have to
deal with SSL VPN connections eventually. So what are your thoughts on
this?
Amy
Other related posts:
