LTLnetworker | IT networks, security, Cisco

Archive for January, 2014

Smart tunnels on Cisco ASA

Posted by LTLnetworker on January 17, 2014


Sometimes we have to provide secure remote access for users whose computers we have no control over. These computers don’t have AnyConnect or the Cisco VPN client, and the users may not have administrator rights, so browser-based AnyConnect installation is not an option either. For such users we can set up a WebVPN portal on the Cisco ASA with the clientless SSL VPN feature.

Clientless SSL VPN provides a web portal with various services such as internal websites, CIFS links, Outlook Web Access etc., all of which are accessed via the browser. The ASA software provides HTTPS service to the client and proxies the internal server’s material. The SSL core rewriter (or content rewriter) does application proxying, so not all websites are guaranteed to work properly. For example, as of 9.1(3) the ASA software does not support the Microsoft SharePoint 2013 portal, and some tricky content is not displayed.

Posted in ASA, Cisco, remote access

Keeping firewall policies consistent on Juniper SRX firewalls with Junos Space

Posted by LTLnetworker on January 12, 2014


A distributed firewall system requires a means to keep the firewall rules and other security policies consistent across firewalls that serve similar roles. Traffic may take alternative paths if multiple telco lines or data centers are used. We have been testing some Juniper SRX firewalls in this scenario. The Juniper management software you need for such tasks is Security Director, which is an add-on application to the Junos Space Management Platform.

Posted in Juniper, Junos, Junos Space, SRX