SSL VPN or Firewall Rule by User - Which is better?
I'm setting up a USG 50 for a small company. I've got up to 3 users that will connect at times to an internal Windows Terminal Server. On the current firewall, there is an RDP NAT rule to redirect RDP to the internal server. My initial plan was to set up RDP using an SSL VPN Web Application on the USG, but then I realized that I could assign user group permissions to the RDP NAT rule (the old firewall didn't support this). So, the question is... is there any advantage to using SSL VPN for this versus just requiring authentication on the NAT rule? One advantage to just using the NAT rule is I wouldn't have to buy additional SSL VPN licenses. Are there any security concerns with just using the NAT rule with authentication? I've tested it and it seems to work pretty well (RDP connections aren't allowed until I authenticate with the firewall).
Thanks in advance!
My thoughts, worth exactly what you paid:
I don't see any advantage to a VPN, and there could be a performance disadvantage since RDP is already encrypted... double encrypting could slow things down. (RDP is always encrypted unless you're in France, where apparently there is an option to disable encryption due to strict French laws about cryptography...)
The other thing to check is that the firewall authentication is encrypted, which I assume it is... probably just import the company's CA root...?