Generic SSL VPN profile so any user in the security group can login using the same VPN configuration.
Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.
To J Brunner:
It it not very secure to basically have users with local admin rights to be able to install the VPN client + certificates. As it cannot be deployed globally with current configuration.
There should be option to disable user certificates and use global one. Make a warning appear when this option is being chosen.
When used together with OTP password I cannot see how this would be more insecure than giving users admin rights to computers.
Why other manufacturers have this option for SSL VPN (Like FortiGate) if it considered insecure.
XG is just not enterprise ready with this solution. Forcing to use IPsec VPN etc is not a solution as these ports are blocked for example from China. Only option is to use SSL VPN on port 443.
J Brunner commented
Nice, but not very secure, what if one of those laptops goes missing?
Unlike Cyberoam, we can use one configuration file for all users and any users able to login using the same configuration file. In XG we need to download and install different config file for each user. For a non-IT user it will be very hard for them. We would like to have 1 configuration file and any user will be able to login using the same configuration file.