Summary
An SSL VPN is a remote-access VPN that wraps user traffic inside a TLS connection to a central concentrator. It became the dominant pattern for corporate remote access in the 2000s and 2010s.
What is an SSL VPN?
In an SSL VPN, every remote user opens a TLS connection to a central concentrator (a hardware appliance or a virtual gateway) and tunnels traffic to internal resources through that single point. There are two common variants: full-tunnel clients that route all traffic over the concentrator, and clientless web portals that proxy specific applications through a browser session.
The model has well-known weaknesses. The concentrator is a high-value target — many critical CVEs in the past two years have hit exactly this class of product. It is also a bottleneck in throughput and a single point of failure for the whole workforce. Because the tunnel implies trust, lateral movement after a compromised laptop is often easy.
Modern alternatives — mesh VPNs based on WireGuard, plus Zero Trust Network Access — flip this model. Identity and policy stay central, but the actual data plane is direct between authorised peers. SSL VPNs are still common in regulated environments and behind legacy firewalls, but the trend is clearly away from concentrator-based designs.
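The gap between "the tunnel implies trust" and per-identity policy can be measured as the set of services one compromised laptop reaches but its user's role never needed. The sketch below is an added example, not part of the original entry; the service inventory, pushed route, groups and user names are all constructed for illustration.

```python
"""Compare the reach of one compromised laptop under two access models."""
from ipaddress import ip_address, ip_network

# Constructed inventory of internal services: name -> (ip, port).
SERVICES = {
    "wiki":   ("10.0.1.10", 443),
    "git":    ("10.0.1.20", 22),
    "hr-db":  ("10.0.2.30", 5432),
    "backup": ("10.0.2.40", 445),
    "dc":     ("10.0.3.5", 389),
}

# Model 1 (assumed): a full-tunnel concentrator pushes one broad route to
# every client, with no per-user filtering behind it.
VPN_ROUTES = ["10.0.0.0/16"]

# Model 2 (assumed): central identity and policy, direct data plane.
# Each group is authorised for named services only.
POLICY = {"engineering": {"wiki", "git"}, "hr": {"wiki", "hr-db"}}
USERS = {"alice": {"engineering"}, "bob": {"hr"}}


def reachable_via_tunnel(routes, services):
    """Every service whose address falls inside a pushed route."""
    nets = [ip_network(r) for r in routes]
    return {name for name, (ip, _port) in services.items()
            if any(ip_address(ip) in net for net in nets)}


def reachable_via_policy(user, users, policy, services):
    """Only services granted to one of the user's groups (default deny)."""
    allowed = set()
    for group in users.get(user, ()):
        allowed |= policy.get(group, set())
    return allowed & set(services)


def lateral_exposure(user):
    """Services the tunnel exposes that the user's role does not need."""
    tunnel = reachable_via_tunnel(VPN_ROUTES, SERVICES)
    needed = reachable_via_policy(user, USERS, POLICY, SERVICES)
    return sorted(tunnel - needed)


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, "excess reach over the tunnel:", lateral_exposure(user))
```

A non-empty result for a user is the list of destinations to close off with firewall rules behind the concentrator, or to leave out of policy when migrating.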
Why is SSL VPN relevant?
- Installed base: Still widespread in enterprises with traditional remote-access architectures
- Compliance baseline: Often the assumed control in older policies and audits
- Migration target: The system that mesh VPN and Zero Trust projects typically replace
- Risk profile: Repeated critical vulnerabilities in major vendor appliances drive evaluations
Related Terms
- VPN: The broader category SSL VPN belongs to
- Mesh VPN: Modern alternative that replaces the central concentrator
- WireGuard: Protocol commonly used in the replacement architecture
- Zero Trust: Security model that goes beyond tunnel-as-trust-boundary
- HTTP / HTTPS: HTTPS uses the same TLS layer that gives the SSL VPN its name