@scottalanmiller Ideally, they wouldn't have access to any of that. One point of the gateway access was to limit what the remote/home users have access to.

@Dashrender Using their gateway feature and installing the client on remote users' laptops

@scottalanmiller I can use a jump system. I just hate doing it that way.

@scottalanmiller Synology NAS

@scottalanmiller I don't want any home user to access that but I, as the admin, do want access to them from a remote location.

@Breffni-Potter Backup repository for Veeam

@scottalanmiller said:

@wrx7m said:

@scottalanmiller I wouldn't necessarily struggle with deploying traditional solutions. I didn't think I would struggle with Pertino LOL. It is SOOOO easy everyone said. My main concern is that I can't deploy it on certain devices like printers or items I want to access that also don't have the ability to run the client.

It is SOOO easy, when you deploy it as designed

Printers are an "issue" but outside of what we want to be location agnostic and if you need to get around that we have this new thing around the late 1980s called a printer server. So that's not a real issue today.

What other devices are causing problems?

I was referring to Pertino in terms of how easy it is supposed to be so I am deploying it in the manner in which it is designed to be deployed. It just doesn't work.

@scottalanmiller LOL. Print server is an option, for sure. I want to be able to have access to NAS devices and other connected 'appliances' like UPSs, or switches etc.

@scottalanmiller I wouldn't necessarily struggle with deploying traditional solutions. I didn't think I would struggle with Pertino LOL. It is SOOOO easy everyone said. My main concern is that I can't deploy it on certain devices like printers or items I want to access that also don't have the ability to run the client.

@Dashrender said:

@wrx7m said:

@Dashrender To push out updates for AV clients and for ShoreTel, the use of "softphones" for external sales personnel.

What about moving to a LANless design?

For example, my AV is now cloud based (has been for 5+ years). The agent checks in with the cloud provider for updates and reporting of incidents - local LAN like thing not required.

As for your softphones - again, LANless design - secure, then publish your PBX directly online so softphones can work from anywhere. If your PBX can't be secured, I guess that would be a no go.

This is something I had been considering and I look every time my AV renewal comes around. I was considering Vipre right before GFI bought them out. Looks like a dodged a bullet. Currently using TrendMicro but maybe considering Cylance.

@scottalanmiller I totally get your point. I understand that the way to remedy that is for you to install ZT on every system. My reason for not pursuing ZT for the company is what is required for ZT to work- installing ZT on every system.

@scottalanmiller I saw that for the clients that did not have ZT installed on them, I would get DNS responses with the ZT IP addresses, effectively breaking DNS. I don't want to have to install ZT on every single system both client and server, as I don't with Pertino either.

@Breffni-Potter It also has to be accessible on the LAN for all of the ShoreTel equipment and local IP phones

@Dashrender To push out updates for AV clients and for ShoreTel, the use of "softphones" for external sales personnel.

@Dashrender said:

What are you using gateway appliances to supply connectivity to?

Fileservers, ShoreTel Server, AV server, Printers etc.

In my limited experience with it, I can't seem to figure out DNS with it. Also, I am not sure that the bridging works the way I need for it to act as a gateway.

@Breffni-Potter Thanks, I use ZT for a homelab but don't think it is quite what I want for the company.

So if I have to dump pertino, what would you guys use in terms of a more traditional VPN? I really liked the automatic connection/running as a service aspect. Do other VPNs have this?

@Dashrender Yes, I have Enterprise 100, which is the highest tier and includes everything. As indicated, Pertino/Cradlepoint support is baffled by the problems.

@scottalanmiller I haven't every gotten the gateway to work at all and I am almost positive that there are 2 unrelated issues I am experiencing. The 1st problem is that the pertino client (build 520+) actually prevents my DNS servers from dynamically updating host records so when a desktop on my LAN that has nothing to do with Pertino gets a new IP from my local DHCP server or is assigned a static one, DNS never updates the host record. When installing 510 or uninstalling pertino completely, it updates it immediately.

The second issue is with the gateway and how it does not allow traffic to flow through it. Traffic goes there to die.