Network Connector has a standalone client. True, but can you run that without the administrative credentials?
Absolutely. The Standalone Network Connector client requires admin rights only at installation time. The regular web-launched Network Connector client requires admin rights at run time, every time, in order to correctly configure network routes. The standalone client has always been the better way to go for environments which restrict admin rights, and the standalone Network Connector client can be installed and configured via Group Policy in a properly managed corporate environment.
”which has an identical workflow” - NOT AT ALL. As long as you need administrator credential then you will restrict dramatically the number of the machines that can use the servce only to those you are administrating.
I was referring here to the workflow of the Standalone SSL VPN Agent vs the web-launched SSL VPN Agent, nothing to do with Network Connector. The Standalone Agent does not require admin rights to install (it can be installed inside a user's profile) or use, with the exception of launching Network Connector because of the network route requirement as detailed above.
Just out of interest, I decided to have a look at how other companies define an SSL VPN just in case we differed. Cisco's seems to be:
There is a difference between a full VPN tunnel and an SSL-enabled proxy server. The latter is an application gateway that supports a certain type of applications. A complete SSL VPN, on the other hand, is a VPN that provides all VPN characteristics and local LAN user experience (in terms of network access). If application access requirements are modest, SSL VPN does not require additional client software to be installed on the endpoint device. For broader application access, a dynamically downloadable tunneling client is typically delivered when needed to the client machine to support such full SSL VPN capabilities.
I would say that our product fits that definition - modest needs (web forwards) are available clientless, advanced needs (Network Connector, SSL tunnels) require a client that can be downloaded when needed. There's clearly nothing I can tell you here that will close this to your satisfaction other than to repeat my suggestion that if you are unhappy with the continued operation of your SSL VPN then you call our Sales team and discuss a migration plan to a NextGen Firewall with CudaLaunch which may be able to take into account your existing subscriptions.