Currently using NordLayer for my company, but complaints about reliability and performance are becoming more frequent. What alternatives do you recommend?
May I ask why you pay someone for that? IMHO to install and configure a vpn gateway is no rocket science. Maybe your firewall solution could handle that as well.
As asked earlier: What are your needs and how many users do you have?
What is your budget? What are your needs?
A lot of companies physical network infrastructure will dictate the type of VPN they use. Cisco, and Palo Alto tend to be more popular ones I encounter. Zscaler is also one I encounter on occasion.
Does your firewall support VPN? And if so, can you tie AD to it?
Windows Always On VPN has been pretty rock solid for us with the config managed by Intune.
Grab yourself a Fortinet 80F or 90F with no ATP, utp, or enterprise license. Only get the hardware + FortiCare and run your own VPN concentrator. It can link into AD with LDAP or into a cloud identity provider with SAML to integrate with SSO.
Prisma Access will definitely be less than $12 per user per month but not sure if you have enough users…so how many users?
I’m currently implementing Appgate SDP for my org. It’s solid and easy to set up. Supports a good amount of features you’d expect to see in an enterprise product like HA, failover at the site level, always on vpn, different types of auth (saml, ldap, etc). Though I think it comes at a larger cost (I think we are doing $17 MRC per user on a multi-year deal). Other options we looked at was Perimeter 81 and zscaler ZPA but ultimately decided on Appgate due to the fact that we could fully self host.
Answer: Whatever client your corporate firewall supports and provides (and it’ll be free)
Check out NetFoundry.io.
Twingate is my favorite for clients
No more than $12/user/month. Primary use case is to provide a secure tunnel to our network when not in the office.
If you want to self-host, have you considered open source options? Such as OpenZiti - https://github.com/openziti. Similar to ZPA but superior, e.g., has its own CA/PKI with ability to bring your own IDP, implements mTLS and E2EE, a smart routing fabric, much richer amount of endpoints and any use case supported.