Hey y’all, I’m looking to upgrade to a better solution for VPN. I am a remote network engineer for a large corp and I have an extensive lab at home. When I get cabin fever, I travel all over and work out of hotels, but rely on VPN back to my house to reach my lab gear for design/test work. I currently use an old ASA5520 from a previous company that has an AnyConnect license on it. For the most part this works fine, but it is of course outdated and I backhaul all traffic through my VPN, so I’d like to move to something with a bit better bandwidth capabilities. My LAN and DMZ routers are (2) EdgeRouter Lite 3’s, so not great platforms for client-based VPN. I’ve looked at maybe getting a USG for only VPN and using Teleport but not even sure if this is supported on Windows. Also thought about just getting a newer used ASA and continuing to use AnyConnect. I also kinda like the idea of getting a used PA and trying out GlobalProtect. I also considered running some sort of software-based VPN server in one of my vCenters, but I’d rather keep this a separate physical box in case I need to do maintenance while I’m away from home.
Anyway, this isn’t currently burning down the house so I’m open to any and all suggestions. Thanks!
If you’re familiar with Cisco I’d say get a newer ASA like a 5516-X or something. If you’re familiar with Fortinet they make some really nice and very capable small biz firewalls like a 40F or 60F. I now recommend Fortinet to all my customers. They are a breeze to set up and licensing and support are miles better than Cisco.
Thanks. I’ll look into it. But like I said, I’d rather keep the VPN part of my environment physical. Although I guess I could run it on a Raspberry Pi instead of in my vCenter…
Dude I hear about Fortinet constantly now - even in the SD-WAN space (which is what I primarily deal with nowadays). Might actually look into that. I know ASA backwards and forwards so sure it would be easy to grab a newer one (was actually looking at the 5516X on eBay this morning), but I am curious to mess around with a Fortinet. Thanks!
I drank the Cisco Kool-Aid a long time ago with all my certs, then I started working at an MSP and deployed Fortigate and Cisco. On the SDWAN and firewall side I’m a Fortigate convert! Recommended it to all my customers and they were all very happy. It’s so much easier than Cisco Smartnet FMC DNAC stuff. The licensing is easy, setup is a breeze and management is much easier. Just about everything is easier in the Fortigate world. Best of all you don’t have to deal with Cisco TAC.