Fortinet FortiClient is a feature-rich solution that is easy to use and deploy without sacrificing safety and security. It has a very fast connection rate and has a built-in VPN. With this solution, you can assign a different VPN or network for each user, once they are authenticated. Fortinet FortiClient is very scalable and easy to use. This is an all-in-one solution with very high throughput.
We did find, though, that it was lagging in some authentication tools, especially with the newer versions. Installation can take a very long time. Deployment with Mac devices and even some WIndows based-devices can be problematic. The stability could be improved too - it can be very buggy at times, especially with the EMS. Support could be better too.
Open VPN Access Server is easy to set up and use. It is a stable solution that offers multi-authentication and the support is quite good. It is an open-source solution so it is very affordable. While it scales vertically with some difficulty and downtime, it does not scale horizontally. Some of our clients indicated that this solution did not meet all of their security protocols. They could do with better intrusion protection and detection.
We have a very large, diverse client base and need a solution that provides for excellent scalability and can completely satisfy the numerous different security protocols they all require. Fortinet FortiClient was the best fit for our organization and our clients are very satisfied.
The product is fully customized through configuration files, which is all achieved through manual data entry. This is where it becomes unattractive. If there was a Graphical User Interface to help streamline the configuration, I believe OpenVPN would probably venture more into the non-geek realm as it were. What I mean by this is, if there was a form-driven configuration process, like a "File -> Settings" kind of thing, where the end user can enter data into fields to specify the connection specifics, e.g. hostname/IP Address, protocols, etc. that could be written into the config file in the background, similar to what you see in YaST over in openSuSE in some of the services area, etc., and basically foolproof the VPN configuration, you may see more GUI-oriented folks using OpenVPN. Of course in saying this, I anticipate what's going to happen: "Well, give it a try, Elliott!" I'd love to, but my programming skills aren't there yet - I'm a "Edit the file" guy...
Enterprise Architect at a tech services company with 201-500 employees
Jun 30, 2020
We would like to be able to access the parts of the network that belong to other virtual LANs, which is not currently possible. For example, if an organization has different VLANs for sales, developers, and production, then we can only connect and view one of these segments. If you can access sales then you will have visibility of that particular subnet and not be able to see the developer VLAN resources. The security needs to be improved because it was a complaint that our customers had. I'm not sure exactly what the specific issue is, other than they told us that it was not compliant with their organizational policies. It is not possible to scale this solution horizontally, which is something that should be improved. They could allow multiple instances to run in different zones, synchronizing with each using a round-robin scheduler. It would be great if they added intrusion prevention and detection (IPS/IDS) features. If they had these then there would be less need to use other products, such as firewalls. It would allow everything to run under one umbrella with centralized control.