Wireless Access

Why should a client pick via instead a normal VPN Client

Can anyone tell me what can via do that normal VPN clients does not do?

Is there somehing im not seeing?

I would like to know if there is like a differenciator of  VIA vs normal VPN Clients in which a client would want to use via over the VPN Clients....

This is hard to sell i guess because normally companies use firewall vpn clients and i dont see an argument of why via could be a better option... or at least i have not found it.... it would be helpful having like a table or soemthing of differenciators of normal firewall vpn clients... imean if its exist...

Or this feature is not to compete the other VPN clients? and rather than that is just like if the client does not have a vpn client yet?

Cheers

Carlos

It is cost effective to add VIA-VPN to an existing Aruba Deployment

You can also leverage the existing roles and firewall policies that you have already built for your WLAN users to give them the same consistent experience and security posture that they would have if wireless.  You can also transparently apply those to multiple different types of users on the backend, instead of having the users manually choose a profile to give them a particular type of access.

The VIA VPN client also senses when a user is not  inside the company and auto-launches.  It will not launch when they are inside the firewall.  It has multiple profiles for site redundancy.  It also has a mac, android and IOS version.

Firewalls allow off-the-shelf VPN clients to connect, but do not offer the security or flexibility of the VIA-VPN solution.

Well it has it advantage over the Firewall VPN of the firewall brand we sell here... as im aware of what it can do as i know how to configure it i mean the firewall branded sslvpn.

The bad thing is that you have to pay for the  PEFV license... in the other at least the other sslvpn client of the firewall is free..

If the other you can also set the permition to the internal network, per group or per AD group. The downsite is the administrattion...  as you if you want to change something you will have to change it in both places instead of one.

But its not automatically connect or anything of that... i think checkpoint one automatically connect... not sure, as i dont manage checkpoint.

Question here... this is something the firewall sslvpn client cannot do at least the one of the firewall brand we manage.

On  IOS devices like ipad and mac stuff you cannot do a tunned sslvpn.... because vendors for example in this case the firewallbrand we sell cannot modifiy in any way the IOS  as it goes agains the policy rules of development of mac... at least thats what the TAC of that firewallbrand told me... you just can do a web portal sslvpn... which it not very good, this means i would not be able to access for example a program that  are not  web based...

How does aruba works in this case? will it feels for the user that he is inside the corporation? for example without the usage of bookmarks that you have to click?

Because if it feels like if you were connected inside the corporation without bookmarks and those kind of stuff that would be a good advantage agains the normal firewall SSL vpns... as we got clients asking for this kind of thing... and i had sadly had to say that it cannot be done without bookmarks  at least in the firewall brand we manage..

Cheers

Carlos

---

@NightShade1 wrote:

Well it has it advantage over the Firewall VPN of the firewall brand we sell here... as im aware of what it can do as i know how to configure it i mean the firewall branded sslvpn.

 

The bad thing is that you have to pay for the  PEFV license... in the other at least the other sslvpn client of the firewall is free..

If the other you can also set the permition to the internal network, per group or per AD group. The downsite is the administrattion...  as you if you want to change something you will have to change it in both places instead of one.

But its not automatically connect or anything of that... i think checkpoint one automatically connect... not sure, as i dont manage checkpoint.

 

Question here... this is something the firewall sslvpn client cannot do at least the one of the firewall brand we manage.

On  IOS devices like ipad and mac stuff you cannot do a tunned sslvpn.... because vendors for example in this case the firewallbrand we sell cannot modifiy in any way the IOS  as it goes agains the policy rules of development of mac... at least thats what the TAC of that firewallbrand told me... you just can do a web portal sslvpn... which it not very good, this means i would not be able to access for example a program that  are not  web based...

 

How does aruba works in this case? will it feels for the user that he is inside the corporation? for example without the usage of bookmarks that you have to click?

 

Because if it feels like if you were connected inside the corporation without bookmarks and those kind of stuff that would be a good advantage agains the normal firewall SSL vpns... as we got clients asking for this kind of thing... and i had sadly had to say that it cannot be done without bookmarks  at least in the firewall brand we manage..

 

Cheers

Carlos

---

With an SSL VPN you go to a landing page and install a component to do VPN.  With VIA, the same is true, where a user hits a https:  landing page after authenticating and has to install a component to connect, so it is not very different.  

More extensive details on the VIA client are on the datasheet here:  http://www.arubanetworks.com/pdf/products/DS_VIA.pdf as well as the VIA networking page here:  http://www.arubanetworks.com/products/management-security-software-2/virtual-intranet-access-client

Ultimately the organization's use cases, as well as their remote access and organizational policy will determine if VIA is a good fit.  For those that do, it provides excellent value.  

No i guess with my bad english you didnt understand what i mean...

With the Firewall VPN after instaling the app of the ssl vpn...bookmarks are presented...

Bookmarks are like links

links in which i can click to access...

For example

Let say i got this IPAD i install the vpn ssl app okay?

Then i just got option of a list of pages i can go through the firewall is doing like a proxy... but i can only access http pages... for example

a internal website of the company...

But let say i got a program in my ipad that does not connect via http... then i would not be able to use it...

I think the same happen with mac but i cant remenber right now.. as the quetion was directly for ipads... at that time...

I mean how does via work in this situation? will i be connected, and after installing the client i wouldnt need like bookmarks or anything on IOS or macs?  i mean i would be like if i were inside of the company?

Are you asking if you will need special bookmarks for applications and internal pages after you connect?  The short answer is no.

The existing applications that work internally will work externally in an identical fashion when the IOS app is launched.  You will not need to use bookmarks when you are outside, no.

Yes that what i was asking! :)

Well then

The advantage as i see it

1-No need of bookmarks or anything similar on IOS

2-Central managment of policies(if you got already the Aruba WC installed with roles and everything.

3-Autodectect and autolaunch when the user is out of the enterprise.. with others you need to manually connect...

Anything else you would add Collin?  as ill still offer it even if they got already a vpn client solution... telling them the key points and what they can gain if they switch to this one.

IF they dont have well its a way easy...

Cheers

Carlos

The partner website should have a guide that details the advantages.  It is down this weekend for maintenence, but it should be up by Monday.

Okay Collin i will start reading again how to  configure it, read the vrd of it  and making some test to see how it goes.

Thanks Again

Cheers

Carlos