Remote access VPN on shared laptops with many users

I have a client with pretty specific needs that it seems like XG remote access VPN cannot handle...

This client would like a remote access VPN that meets the following:

1. Must be able to see who is logged in / track VPN users through logging

1a. Therefore, each VPN user should have their own login (currently accomplished via AD integration)

2. The client has multiple laptops that are shared between users as needed.

2a. Users need to have immediate access to VPN - i.e., they cannot (do not want to...) log in to the user portal and download their user-specific configuration for the SSL VPN client, as it takes extra time, and is an extra step that they may or may not need to do, depending on if they've already used VPN with that particular laptop.

2b. This means the SSL VPN client does not work for them.

3. Users must be able to access an RDP session after connection to the VPN. All users connect to the same RDP server, and must be able to use the server simultaneously.

4. Users come and go (as in, hired/fired/resigned), so it needs to be very easy to set up a new user.

I initially set up the SSL VPN client, but found it doesn't meet the requirements of points 1 and 2, since either (1) we would need a shared VPN user so that it only needs to be set up once on each laptop, or (2) we would need to set up each user manually on each laptop.

I then switched to the clientless VPN, but found the issue there is that an RDP "Bookmark" cannot be shared between users (or, rather, "sharing" means users are sharing a single screen and RDP session, which is a no go). The only solution I can find to this is to create a bunch of RDP bookmarks, all with the same settings. This does not really work because (1) if we make all the RDP bookmarks available to all users, then they have to pick and choose until they find one that is not in use (with a dozen or more users on at once, this can be problematic and time-consuming, so it is a no go), and (2) if we assign individual RDP bookmarks to individual users, this requires too much manual work when users come and go.

The main reason for avoiding "manual work" as much as possible is that the client wants to manage this themselves, and this is something that they expect to be a simple process (and I can't blame them, as it really should be a simple thing, not something that we have to keep track of "RDP Bookmark 28 belongs to user JDoe, but JDoe is leaving and JNewman is coming onboard so now we have to make sure JNewman knows to use RDP Bookmark 28 or else he will cause problems for someone else.")

I don't really want to use the IPsec VPN for remote access, as my general experience tells me IPsec remote access is much more likely to not work than an SSL-based remote access solution.

So I'm at a loss. Is there any way to make this work according to the client's needs/wants? They had a Cisco firewall prior to this, and I'd hate to have to go back to Cisco, but it could do what they needed.

I'm not opposed to having some script or something to help automate what would otherwise be manual work to create/manage users/bookmarks/whatever.


