Internet Edge Design: SSL VPN Placement?
This is another question that arose today. Where do you want place your VPN gateway (SSL or other VPN concentrators) in you internet edge for the network? Should they be placed next to firewalls on the edge, routers, or behind the firewall?
In my opinion, VPN concentrators should be behind a firewall with OOB - Out of Band Management - capabilities, especially if it's a SSL or Web VPN device. Because, HTTP/HTTPs are proned to web based attacks like ssl stripping and SSL VPN has two parts (Web Server and VPN Server).
However, I would like to know what others have to say about it in the community and if there is a better approach.
Please feel free to leave you suggestions and thoughts in the comment section.