Hi, I need some tips/recommendations on how to control access from remote offices.
Today there is one main headquarters with all servers behind two 3200s.
20 small remote offices use 730 SMB firewalls with VPN to the 3200s.
I want to control it so that only Windows AD-joined computers have full access through the VPN tunnel.
All other devices should have limited access, for example printers, thin clients etc.
I can see 3 different approaches:
1. Control the VPN traffic in the 3200 firewall with user awareness.
2. Control the VPN traffic in the 730 firewalls (I think they also have user awareness with an Active Directory connection).
3. Set up 802.1X wired authentication in all remote switches and control the traffic with different VLANs.
What would you do and why?