Correct

On Wed, Nov 15, 2017 at 9:23 PM Kurt Buff <kurt.b...@gmail.com> wrote:
> So, it's not used to configure load balancing or client redirection
> for GP? OK, I can see that.
>
> Kurt
>
> On Tue, Nov 14, 2017 at 6:22 PM, Don Ely <don....@gmail.com> wrote:
> > Panorama is only a MGMT tool for the firewalls. It has nothing to do with
> > traffic mgmt
> >
> > On Nov 14, 2017 17:25, "Kurt Buff" <kurt.b...@gmail.com> wrote:
> >>
> >> I presume this requires Panorama? We don't have that, I've been
> >> wanting it for a while, but it's been hard to justify when we have
> >> only 3 sites, two of which are PA500s.
> >>
> >> On Tue, Nov 14, 2017 at 1:49 PM, Don Ely <don....@gmail.com> wrote:
> >> > Sure it can, DNS RR or some kind of GTM
> >> >
> >> > As for cloud, PA does GP in the cloud. Scales up and down as needed...
> >> >
> >> >
> >> > On Tue, Nov 14, 2017 at 1:35 PM Kurt Buff <kurt.b...@gmail.com> wrote:
> >> >>
> >> >> Perhaps I missed it, but I didn't see that GP will autoconnect to the
> >> >> closest/fastest site.
> >> >>
> >> >> That doesn't mean GP is out of the running - I like it where I've set
> >> >> it up, so it's on my list, especially since all of our sites have Palo
> >> >> Altos already.
> >> >>
> >> >> But, from the way the questions were put to me, it sounds like the
> >> >> requestor is biased toward some sort of "cloud" solution, not tied to
> >> >> current hardware.
> >> >>
> >> >>
> >> >> Kurt
> >> >>
> >> >> On Mon, Nov 13, 2017 at 6:04 PM, Don Ely <don....@gmail.com> wrote:
> >> >> > Why can't Global Protect achieve all of your needs? Did I miss some
> >> >> > requirement they can't meet?
> >> >> >
> >> >> > On Mon, Nov 13, 2017 at 5:25 PM Kurt Buff <kurt.b...@gmail.com> wrote:
> >> >> >>
> >> >> >> Arg - that should be "seeking commercial services"..
> >> >> >>
> >> >> >> And, once I bring recommendations, it might well be that we just
> >> >> >> fall back to a DirectAccess server in each office, with or without a
> >> >> >> multi-site configuration, potentially with an SSP VPN appliance also
> >> >> >> at each office for backup and contractors, and call it good.
> >> >> >>
> >> >> >> Kurt
> >> >> >>
> >> >> >> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> >> >> >> > I'm not sure either, but that's the task I've been given - not
> >> >> >> > necessarily to implement at this stage, but to scope out the
> >> >> >> > alternatives and come up with some possibilities.
> >> >> >> >
> >> >> >> > It's also why I'm seeing recommendations on commercial services, so
> >> >> >> > that our implementation requirements are minimized.
> >> >> >> >
> >> >> >> > Kurt
> >> >> >> >
> >> >> >> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale <jcas...@activenetwerx.com> wrote:
> >> >> >> >> I've done a lot of openvpn setups in a myriad of formats, site to site,
> >> >> >> >> hub and spoke, client etc.
> >> >> >> >> It works well and there are even some lesser documented features that
> >> >> >> >> do some neat stuff but you are now rolling your solution and marinating it
> >> >> >> >> manually.
> >> >> >> >> Not sure how well that will scale unless you have a skilled team.
> >> >> >> >>
> >> >> >> >>> -----Original Message-----
> >> >> >> >>> From: listsad...@lists.myitforum.com
> >> >> >> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >> >> >> >>> Sent: Monday, November 13, 2017 5:22 PM
> >> >> >> >>> To: ntsysadm <NTSysADM@lists.myitforum.com>
> >> >> >> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for input
> >> >> >> >>>
> >> >> >> >>> All,
> >> >> >> >>>
> >> >> >> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our
> >> >> >> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto
> >> >> >> >>> Global Protect) as primary for our overseas offices and secondary for
> >> >> >> >>> the US (Sonicwall).
> >> >> >> >>>
> >> >> >> >>> 2) In the US office, we also have contractors/consultants needing to
> >> >> >> >>> use our SSL VPN for access to various resources, and that will likely
> >> >> >> >>> expand to our overseas offices soon. Differentiation and securing
> >> >> >> >>> resources is even more important here than in 1).
> >> >> >> >>>
> >> >> >> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed (lab
> >> >> >> >>> to lab), for interoperability/compatibility testing.
> >> >> >> >>>
> >> >> >> >>> We're looking to get into a solution that will take care of at least
> >> >> >> >>> the first two (and ideally the third as well), so that we don't have
> >> >> >> >>> so many platforms to support, and so that we can make sure that staff
> >> >> >> >>> in the field get the fastest connection available.
> >> >> >> >>>
> >> >> >> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog),
> >> >> >> >>> and OpenVPN (commercial client offering), but don't have much of an
> >> >> >> >>> opinion on them, as info about them is a bit thin.
> >> >> >> >>>
> >> >> >> >>> Anyone have experience with solutions like this, and care to comment?
> >> >> >> >>>
> >> >> >> >>> Thanks,
> >> >> >> >>>
> >> >> >> >>> Kurt