Seeking clarity on FireCluster management as well as the varieties of VPNs
Hello WatchGuard and friends,
My company recently had an M370 installed by our MSP, as I'm still in my first year working in networking at an SMB. My director and I basically let our consultant replace our ancient Cisco ISR and took a backseat to that process.
So he did the physical installation and replaced our Cisco AnyConnect VPN that remote employees used with the WatchGuard SSLVPN, which overall went very smoothly, but he left many of the subscription features untouched. This I guess could be question 1:
Since I've read that IKEv2 is preferable in terms of speed and security -- I understand that we're using SSL to achieve a split-tunnel VPN that my co-workers are all used to, but I've just been reading about how it's possible to achieve a similar situation by use of reverse proxies in the configuration of Access Portal.
Then I read that M3xx devices cannot run this feature -- but that WatchGuard Cloud could -- my question is: is Access Portal accessible to perform these feats (as vaguely as I worded it -- I haven't quite gotten much of the full experience yet); but does the installation of WG Cloud give an M370 TSS setup more abilities, like the one I just mentioned above?
The consultant who installed the M370 said we didn't really need WatchGuard Cloud, or Dimension actually, because all the features are accessible from both the Server Manager as well as the web UI. Is this true? I was looking forward to trying out Dimension if only for the experience, so I'm wondering if you think this would be a worthwhile endeavor.
So right, first: do the WatchGuard Cloud, Server Manager, and Dimension all cover the same features and allow for the same administration?
Also -- when considering the MFA (we'll be implementing AuthPoint) I'm also looking at a hard token to achieve SSO capabilities for the sake of our workers -- and after looking at a few more articles it seems like this could be a possible outcome with AuthPoint MFA (properly configured) alone; earlier I had been considering Okta or Yubico to solve this issue for me but the spend would be tough to rationalize.
So second: is the M370 + TSS capable of creating an MFA/SSO that can achieve (split-tunnel) remote VPN access, Windows login, and application credential management?