Comparison of SSL and IPSec VPN technology

Configuring a FortiGate SSL VPN

Legacy versus web-enabled applications

IPSec is well suited to network-based legacy applications that are not web-based. As a layer 3 technology, IPSec creates a secure tunnel between two host devices. IP packets are encapsulated by the VPN client and server software running on the hosts.

SSL is typically used for secure web transactions in order to take advantage of web-enabled IP applications. After a secure HTTP link has been established between the web browser and web server, application data is transmitted directly between selected client and server applications through the tunnel.

Authentication differences

IPSec is a well-established technology with robust features that support many legacy products such as smart cards and biometrics.

SSL supports sign-on to a web portal front-end, from which a number of different enterprise applications may be accessed. The Fortinet implementation enables you to assign a specific port for the web portal and to customize the login page if desired.

Connectivity considerations

IPSec supports multiple connections to the same VPN tunnel—a number of remote VPN devices effectively become part of the same network.

SSL forms a connection between two end points such as a remote client and an enterprise network. Transactions involving three (or more) parties are not supported because traffic passes between client and server applications only.

Relative ease of use

Although managing IPSec VPNs has become easier, configuring SSL VPNs is simple in comparison. IPSec protocols may be blocked or restricted by some companies, hotels, and other public places, whereas the SSL protocol is usually unrestricted.

Client software requirements

Dedicated IPSec VPN software must be installed on all IPSec VPN peers and clients and the software has to be configured with compatible settings.

To access server-side applications with SSL VPN, the remote user must have a web browser (Internet Explorer, Netscape, or Mozilla/Firefox), and if Telnet//RDP are used, Sun Java runtime environment. Tunnel-mode client computers must also have ActiveX (IE) or Java Platform (Mozilla/Firefox) enabled.

Access control

IPSec VPNs provide secure network access only. Access to the network resources on a corporate IPSec VPN can be enabled for specific IPSec peers and/or clients. The amount of security that can be applied to users is limited.

 

FortiOS v3.0 MR7 SSL VPN User Guide

14

01-30007-0348-20080718

Page 13 Page 15
Page 14
Image 14
Fortinet FORTIOS V3.0 MR7 Legacy versus web-enabled applications, Authentication differences, Connectivity considerations
Page 13 Page 15

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.
Top Page Image Contents