Hey guys,
We have read the news about Fortinet removing SSL VPN for the > 2GB models. This means that we would have to find other options for VPN connectivity. How are you guys doing remote access? IPSec? WireGuard? Or what would be the easiest, most secure alternative?
Isn’t Fortinet a nice company? They make you pay a subscription for firmware upgrades. Then they make you pay for FortiToken licenses. And then they use those firmware upgrades to remove features that you have paid for.
I think you mean the < 2GB models.
We’re moving towards no VPN solutions. Microsoft Global Secure Access or SMB over QUIC and Entra Application Proxy.
Twingate and Tailscale come to mind. Or find solutions that don’t require VPN in the first place.
Thank you for the post. I was able to sound the alarm before we caused issues doing upgrades.
IPSec.
SSLVPN has always been weaker and slower than IPSec. That and the countless vulnerabilities in SSLVPN from FortiGate and other firewall vendors made SSLVPN a non-starter, for me, a long time ago.
Also, Fortinet now permits me to do IPSec with SAML auth to my preferred provider. No need to stand up a RADIUS server and MFA provider.
Do you want a VPN or would you prefer moving to a zero trust network overlay? If the former, WireGuard (or enterprise/SaaS equivalent) the heck out of it; if the latter, check out NetFoundry (built on open source OpenZiti) or Twingate. I work for NF on the OpenZiti project.
As I understood it, it remains available, but is disabled and visibility is off out of the box. Could you cite your source for removal?