I’m questioning the security of SSL VPN. Users need only a user name and password. With Global VPN client we can use a very strong secure key that’s required at the very first connection and then asks for username and password once the correct key has been provided. So there’s that additional layer of security.
Am I right to think that SSL VPN using something like Mobile Connect is less secure than GVC?
You don’t think SSL uses a very strong key as well? It’s as secure as any other SSL connection you use to buy things online, etc. Don’t let your users use weak passwords, and use OTP if you want.
There are two aspects of the word “secure”:
- Intrinsic security - SSL VPN is just as secure, as a protocol, assuming that you’re fully patched to the latest firmware
- Usage/Deployment security - I think this is where your question is focusing, in that there’s a 3rd component, in addition to username and password. In this case you’re correct, BUT this is why we and every other security vendor scream at the users to use MFA/2FA. SSL VPN, whether on the firewall or on the SMA appliance, supports 2FA. You can use MS/Google/Duo authenticators. And you must use them.
TL;DR: Turn on 2FA.
SSL VPN supports MFA using Authenticator Apps, through NetExtender, Mobile Connect, and mobile apps (e.g. iOS).
We use it already; it works great with the latest FW.
Related question: for those using SSL VPN, can you have multiple simultaneous connections like in GVC?
Thanks.
I’m still a newb with net-sec. So OTP will send the associated user account an email as a one-time 2FA? Tried to read SonicWALL KB but still unsure.
Yes, sends user an email code.