VPN Access for thousands of users with turnover rate

Hey,

I have one problem:


We need to deploy VPN to a large number of users. We have a high turnover rate of users. The users have to authenticate against LDAP. Everything is working, but I don't want the users in the backend of the firewall, because there is no function for automatic user cleanup (if a user was deleted in LDAP). I cannot administer this manually. Is there an alternative way to deploy VPN without the backend of the firewall?

I would be very happy about suggestions.

Matthias



  • Hi, Matthias, and welcome to the UTM Community!

    In this case, you won't want to use any of the methods that require adding users to the UTM.  That eliminates the SSL VPN and Cisco as well as certificate-based IPsec connections.  You could do IPsec or L2TP/IPsec with a PSK, but with a large number of users and high turnover, a PSK probably won't buy you much added security.

    In this case, I would use PPTP with a RADIUS server.  Granted, the security isn't as good as the other methods, but it wouldn't seem that you need that much security with all of those people.  For a bit more security, you could use L2TP/IPsec with a long PSK that you change monthly and post where only active users can access it to copy into their clients.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA