1.3.5. OpenNAC VPNGW

The OpenNAC VPNGW allows a VPN to be established from a remote location to a corporate network. It also allows segmentation access policies to be applied, depending on the user profile.

It is a mandatory component for the 2SRA (Secure Remote Access) module, which includes critical components such as:

  • Policy Enforce: Stateful firewall module that allows access rules to be defined and executed, based on IP, port, source and destination.

  • VPN module: Allows the configuration of the VPN Gateway, authentication, encryption, pool of IP addresses, internal networks, dynamic zones, etc.

  • Administration Portal: The VPNGW component management console is integrated in the ON Core Administration Portal. You will find it under the VPNGW section.

Note

OpenNAC VPNGW is a critical node in the solution, and a high-availability deployment is recommended. Whether one or more nodes are deployed to provide this high availability depends on the deployment requirements and the final architecture design. If this module is offline, VPN connections can no longer be established.

1.3.5.1. Sizing an OpenNAC VPNGW

The sizing of the network access solution infrastructure can be inferred directly from the expected workload that the NAC must sustain: the number of users and IPs, the types of authentication, and the use cases deployed. The workload may be complicated to estimate, but estimating it is a crucial exercise for building an efficient NAC architecture.

The hardware specifications for the VPNGW are:

Resources    Minimum      Recommended
Memory       16 GB        32 GB
CPU          8 CPU        16 CPU
Disk Size    200 GB       200 GB
Disk Type    SCSI/SATA    SSD
Network      2 NIC        2 NIC**

Note

** The 2 network interfaces are mainly for service and management (internal communication between the different nodes).