In the above use case, the user can access the office network and also use the internet through the IPSec VPN tunnel. The advantage is that UTM (unified threat management) inspection can be applied to the user's internet traffic.
Instead of using SSL VPN for remote users, the network admin can configure a dial-up IPSec tunnel for remote users on the FortiGate appliance. Remote users at home will then be able to access the internet and the intranet securely through the IPSec VPN tunnel using the FortiClient application.
If the admin wants remote users to access only the intranet, and not the internet, through the IPSec tunnel, split tunneling can be enabled in the VPN configuration. Internet traffic then terminates on the home network itself, as shown in the above diagram.
VPN split tunneling reduces the overhead on the office firewall: traffic destined for the servers in the office is encrypted, whereas the user accesses the internet from the home network, since internet traffic terminates directly at the home router.
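The two modes described above, written as FortiOS CLI; this is an added example, not configuration taken from the original article. The object names, the `wan1` interface, the subnets, the user group and the pre-shared key are placeholders, and a policy from the tunnel interface to the office LAN is assumed to exist already.

```fortios
# Constructed example: every name, interface and address below is a placeholder.
config firewall address
    edit "office-lan"
        set subnet 10.0.10.0 255.255.255.0
    next
end

config vpn ipsec phase1-interface
    edit "remote-users"
        set type dynamic
        set interface "wan1"
        set peertype any
        set mode-cfg enable
        set xauthtype auto
        set authusrgrp "vpn-users"
        set ipv4-start-ip 10.10.100.10
        set ipv4-end-ip 10.10.100.50
        # Split tunnel: only routes to "office-lan" are pushed to FortiClient,
        # so internet traffic leaves via the home router and is not inspected here.
        # Full tunnel: omit this line and all client traffic enters the tunnel.
        set ipv4-split-include "office-lan"
        set psksecret <pre-shared-key>
    next
end

config vpn ipsec phase2-interface
    edit "remote-users-p2"
        set phase1name "remote-users"
    next
end

# Full tunnel only: internet-bound VPN traffic needs its own policy,
# which is where the UTM profiles are attached.
config firewall policy
    edit 0
        set name "remote-users-to-internet"
        set srcintf "remote-users"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end
```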
Below are some of the advantages of IPSec over SSL for remote users:
- IPSec is more secure than SSL.
- With SSL, the user will face frequent disconnections compared to IPSec.
- The installation process of IPSec is vendor non-specific.
- IPSec encryption includes L2TP, IKEv2, and SSTP, which makes IPSec connections faster.