As a newer VPN technology, the SSL VPN gateway has its own characteristics and merits. SSL VPN is suited to remote access by mobile users (client-to-site), while IPsec VPN has inherent advantages for site-to-site connections. The two will coexist in the VPN market for a long time, with complementary strengths. In terms of product behaviour, they differ as follows:
1. IPsec VPN is mostly used for "network-to-network" connections, and SSL VPN for "mobile client-to-network" connections. Mobile users of an SSL VPN can reach the internal network through the SSL VPN tunnel without installing a client program. Mobile users of an IPsec VPN need to install dedicated IPsec client software.
2. SSL VPN is an application-layer VPN, while IPsec VPN is a network-layer VPN. IPsec VPN is transparent to all IP applications, while SSL VPN works best with Web-based applications. Good products also support TCP/UDP client/server (C/S) applications such as file sharing, Network Neighborhood, FTP, Telnet, and Oracle.
3. SSL VPN users are not restricted by how they connect to the Internet, because the SSL VPN tunnel can traverse firewalls. An IPsec client, however, must support NAT traversal to get through a firewall, and UDP port 500 must be opened on the firewall.
4. With SSL VPN, only the gateway device at the central node needs to be maintained and the client is maintenance-free, which reduces deployment and support costs. IPsec VPN requires every communicating node to be managed, which demands specialized network-management skills.
5. SSL VPN makes fine-grained access control easier: permissions can be set in detail per user, resource, service, and file, and integration with third-party authentication systems (such as RADIUS and AD) is more convenient. IPsec VPN controls user access based on the IP five-tuple.
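The difference described in item 5 can be shown with a small model. This is an added example, not code from the article or from any product; the rule formats, addresses, group names, and paths are constructed assumptions. It evaluates the same traffic against a five-tuple filter and against a per-user resource policy.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    """What a network-layer filter sees: the IP five-tuple."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Request:
    """What an application-layer gateway sees after authenticating the user."""
    user: str
    groups: frozenset
    flow: Flow
    resource: str  # URL path or file path requested

# Constructed rule set: (source net, destination net, protocol, destination port);
# the source port is treated as a wildcard.
FIVE_TUPLE_RULES = [("10.8.0.0/24", "192.168.10.20/32", "tcp", 443)]

# Constructed policy: (group, destination host, resource pattern).
RESOURCE_POLICY = [("finance", "192.168.10.20", "/reports/*"),
                   ("staff", "192.168.10.20", "/wiki/*")]

def five_tuple_allows(flow: Flow) -> bool:
    """Default-deny match on addresses, protocol and port only."""
    return any(ip_address(flow.src) in ip_network(s)
               and ip_address(flow.dst) in ip_network(d)
               and flow.proto == p and flow.dport == port
               for s, d, p, port in FIVE_TUPLE_RULES)

def resource_policy_allows(req: Request) -> bool:
    """Default-deny match on group membership and the normalised resource path."""
    path = posixpath.normpath(req.resource)  # collapse "../" before matching
    return any(g in req.groups and req.flow.dst == host and fnmatchcase(path, pat)
               for g, host, pat in RESOURCE_POLICY)

# Constructed sample: two users whose traffic has the same five-tuple.
FLOW = Flow("10.8.0.5", "192.168.10.20", "tcp", 51000, 443)
ALICE = Request("alice", frozenset({"finance"}), FLOW, "/reports/q3.pdf")
BOB = Request("bob", frozenset({"staff"}), FLOW, "/reports/q3.pdf")
BOB_TRAVERSAL = Request("bob", frozenset({"staff"}), FLOW, "/wiki/../reports/q3.pdf")

if __name__ == "__main__":
    for r in (ALICE, BOB, BOB_TRAVERSAL):
        print(r.user, r.resource, five_tuple_allows(r.flow), resource_policy_allows(r))
```

The five-tuple filter returns the same answer for all three requests because it never sees the user or the requested path; only the resource policy separates them.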
Because of these advantages, SSL VPN is increasingly accepted by customers. As an industry-leading VPN device manufacturer, Shanghai Andaotong Information Security Technology Co., Ltd. recently launched the SJW74SSL VPN series of gateways, building on its original IPsec VPN SGW25 series of security gateways, to give users more options and a comprehensive VPN interconnection solution.
Two typical deployment methods of the SJW74SSL VPN gateway are as follows:
Typical deployment mode 1 of SJW74SSL VPN: gateway mode. In this mode, all application data from the Internet must pass through the protection of the SJW74SSL VPN to reach the enterprise's internal network, which prevents attacks such as message eavesdropping, message replay, and illegal login. The VPN gateway is generally connected to the network in "transparent" mode.
Typical deployment mode 2 of SJW74SSL VPN: proxy server mode. This mode is more secure than mode 1, because data from clients connected through the SSL VPN tunnel is decrypted at the VPN and then filtered by the firewall before it reaches the intranet, so the firewall can be used to full effect.
Article entry: csh responsible editor: csh