We have gathered some experience about the download speed through an SSL VPN connection the last days here at work. We have a Fortigate 90D and there we see around 2.5 MB/s for scp through SSL VPN on Linux. So, we have studied data sheets and forum posts and had a look at the configuration.

Two things that limit the speed which are often mentioned are:

- a software switch on the Fortigate linked to the interface on which the SSL VPN is connecting (This probably was an issue in older FortiOS versions, but I couldn't reproduce this).
- DTLS is "TLS over UDP protocol on the corresponding UDP port" but it has to be enabled explicitly in the Forticlient and in the configuration of the SSL VPN and it only works with the commercial client. We haven't implemented it in openfortivpn.

In our speed tests I have seen a high CPU load on the Fortigate every time when I have started a transfer through the SSL VPN. Ipsec by nature of the protocol offers better performance. With SSL VPN we send TCP packets encapsulated into an encrypted data stream that again goes over a TCP connection, and a lot of weird things can happen.

Well, but ipsec is more complicated to configure, especially when you have customers who are supposed to configure their own client. In that case it should be as easy as possible, and provisioning the configuration to the client also works only with the commercial client and only when they connect in a different manner, e.g.