- Definitely not as robust as other options (not ‘identity aware’).
- Standard port-forwarding/NAT/firewall topology, exposing the Papercut server (or other systems) to the general web.
- Pre-Existing (not implemented) Fortigate capabilities.
- Very extensible, scaling to other applications.
- In typical Google Cloud fashion, “some assembly required”.
- May not have an ongoing per-user cost? (Maybe a VPN cost?).

- Connecting to On-Prem looks to require some effort.
- Integrates tightly with Google products (we use GSuite).
- Once set up, easy to scale to other applications.
- Not expensive (not per-user cost), but it’s “all or nothing” for a DNS domain/zone?
- I don’t think it’s an ‘identity aware’ system (not sure yet).
- Minimal infrastructure or none on my part.
- Does seem to be an ‘identity aware’ option.
- Don’t know if it fits a zero-trust/BeyondCorp style model, but it may.
- Is a ‘bridge’ of sorts between on-prem and cloud-first.
- I think this will require all users to exist in AzureAD.

Azure Active Directory Application Proxy.

What is on my short list (in alphabetical order):

“do I trust this application enough to be Internet facing?” Security tools exist to mitigate risk, but they don’t eliminate it.

That said, at the end of the day you do have to decide

Significant (time and money) investment it’s probably unlikely you’ll get better protection.
There are plenty of other vendors out there, but without a pretty

(this config will need to be stacked with a reverse proxy load balancing configuration with TLS Offload so the Fortigate can see the clear-text

TLS protected applications I found configuring it to be quite difficult

Your FortiGate does have a basic WAF available (Cookbook | FortiGate / FortiOS 5.4.0 | Fortinet Documentation Library) but for

There are good WAFs and cheap WAFs, and never shall

Protect you from application level attacks (like struts vulnerabilities,

So, this is a relatively complicated answer but here goes…

A reverse proxy will protect you from *protocol* level attacks - things