At our IT Team meeting last night we got to talking about a few annoying issues with our VPN access ... mainly because I refuse to have a WINS server running :-)
As we got deeper into the conversation it got more interesting. Uber volunteer Dustin recommended that people not have VPN access unless the machine they have offsite is a machine we manage ... so we're sure it has up to date security patches/definitions. I love our team ... they are not afraid to push back when something doesn't jive with them :-)
Of course we can't provide secure laptops to all our staff that need VPN access ... and I'm not going to take away their offsite access ... so what are our options?
SSL VPN is probably the most obvious option. With an SSL VPN device sitting between your firewall and your network, users simply use a web browser to gain access to a portal page. From this page they can do things like browse network folders, remote desktop their work PC, view your intranet ... all without setting up a single thing on their home PC. And since the home PC is not actually making a direct VPN connection, there's no risk of a unsecured home PC spreading malware onto your church network. So users get a much better offsite experience via simple links off the portal page to resources, requires nothing for them to setup/configure AND it eliminates security risks inherent in VPN connections. Of course if you're like me my brain immediately goes, "ok something this slick is going to be expensive!"
So I'm beginning to do research into SSL VPN appliances. Since we have a SonicWall device already it makes sense to look into a SonicWall appliance ... which is also helped by the fact that one of our volunteers is a SonicWall partner ... and is going to try and get us a demo unit to play with shortly :-)
Juniper is a big player in this market so the Juniper Networks SA2000 is on my list.
I'm also seeing good things reported about SSL Explorer ... there's a free community version and a for-pay enterprise version ... they even have a pre-built VMware virtual appliance for download (I so love VMWare!)
So the search for a clientless solution has begun. Anyone else looked into SSL VPN? Are there other options we might also consider (besides Citrix)?