Best Strategies for LAN, WLAN, and VPN in Windows 11 Migration

Asked By WackyWalrus47 On

Hey everyone,

We're in the middle of migrating to **Windows 11** and using this chance to enhance our security. Here's a quick overview of our current environment:

- **Firewalls:** A mix of **FortiGate** and **OPNsense**
- **Remote Access:** We're still on **SSL VPN** for accessing internal applications
- **Identity & Mail:** We're using a **Hybrid setup** with **Entra ID** and **Exchange Online**
- **Migration Plan:** Transitioning clients to a **cloud-only join** strategy in Entra ID and Intune.

As we modernize, we're examining what the best tech stack looks like moving forward.

Here are some questions I have for 2025 best practices:
- For secure remote access, are you still using **IPsec/SSL VPN**, or are you transitioning to **ZTNA/SASE** models?
- Is anyone implementing **Cloud PKI** for Wi-Fi/LAN authentication instead of the traditional on-premise NPS/CA setups?
- What are your thoughts on **least privilege** and **Zero Trust** practices in daily operations? (Like Conditional Access, device compliance, and privileged access management)
- How do you manage **Wi-Fi onboarding** in a cloud-only world without on-premise Active Directory?

I'd love to hear what other admins are doing in 2025. What works well for you and what would you steer clear of in hindsight?

Thanks in advance for sharing your insights!

1 Answer

Answered By CuriousCactus92 On

I've switched to using an Always-on VPN with split tunneling. This way, I can utilize Next-Gen Firewalls for better filtering while still keeping logs intact when users are on the split tunnel. Oh, and I'm also in a hybrid environment with AD and Exchange. I'm working on redirecting folders to user OneDrives next. By the way, I'm kicking off my Wi-Fi 7 rollout tomorrow, so I’ll keep you posted on that.

SkepticalTurtle21 -

Do you use the Windows native app as your VPN client? Are you sticking with SSL or moving to IPsec?
