My firewall is able to handle the load by itself so why are these even on the market as standalone products?
So that firewall won’t get hacked via SSL VPN portal? Though I think most of the separate VPN servers I’ve managed have been Windows servers.
It used to be that these devices used special hardware to accelerate VPN (especially the encryption part). Nowadays, with Intel QAT for IPsec and WireGuard, any firewall can handle 1000s of VPN connections. Why do these still exist? Because managers know them and want to replace their aging appliance with a new one.
Why do you have a VPN concentrator?
I don’t. I use WireGuard on my edge firewalls running at 100Gbps, no QAT needed.
Best answer right here. Restrict access to the VPN itself, and always use a separate box to do it. Way less risky to have your VPN land on the clean side of the DMZ.
It’s even worse; those appliances usually have their throughput limited unless you buy the special high-speed license.
You mean like silly Citrix ADC?