October 22nd, 2003, 03:45 AM
SSL VPN appliances
Has anyone here used or evaluated any SSL VPN appliances such as the Nortel Alteon, or products available from SafeWeb (now owned by Symantec) or Neoteris (now owned by NetScreen, I think)?
I am beginning to evaluate some of these solutions to fill certain needs at work, and was just hoping someone could give me some first-hand opinions. I can (and have) certainly search Google for as much information and reviews as I could possibly want, but am looking for some knowledgeable non-journalist opinions.
As far as applications go, we would be fairly straightforward: securing web-based email, web-based phone system access (change voicemail settings, and listen to voice mail from a site built into an NBX), access to personal files for a certain number of users (not all by far), web-based timecards, an intranet with access to any number of different things which we have coded ourselves (all browser-based stuff, though), perhaps terminal access for some users (applicable models only, of course), Citrix NFuse (for some users, perhaps) and maybe a few other things which I cannot think of at the moment. Everything is a standard type app, nothing out of the ordinary except for our intranet, which is all just browser-based anyway.
Getting all of these different apps secured separately, and maintaining all the different firewall rules, VPN setups, etc. is starting to become a major hassle. A single point of entry to all these different apps would be very very nice, and several of the SSL VPN appliances out there claim to do just what we need.
So, any real experience??????
October 22nd, 2003, 03:54 AM
If you're talking about straight SSL acceleration, check out the BIG-IP ecommerce package, or the 1000 series box. I also evaluated Rainbow Technologies' SSL accelerator card for the server (cheaper solution), but overall, it comes down to how much you want to spend as well as scalability, etc... The most important thing is to identify how many transactions you're going to have through SSL; most of the time the vendor is going to throw out some large n tps, etc...
October 22nd, 2003, 04:05 AM
Thanks worm3y, but I am definitely not looking for SSL acceleration. The devices I am looking at are sort of a reverse proxy server appliance, with SSL, which authenticates to an external source (LDAP or Active Directory), but provide a bit more than a straight reverse proxy with SSL.
These devices provide access to internal apps through a web browser with SSL, instead of through client software IPsec VPN.
October 22nd, 2003, 05:21 AM
Another one is Aventail's EX-1500. I have used it and it is very good.
Nokia, I believe, also have a VPN solution, but I haven't looked into it with any great depth. Here is a quick link to their VPN page.
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
October 22nd, 2003, 05:40 AM
Great, I will check it out.
If anyone is interested in an article about the pros/cons of these systems as opposed to straight IPsec VPN, here is a pretty good article.
I read that one earlier, but it doesn't want to respond for me right now.... hopefully others here will have better luck.
October 22nd, 2003, 10:19 AM
I've seen demos of a product called Netilla. You might want to check that out too.
Experience is something you don't get until just after you need it.
October 22nd, 2003, 02:58 PM
I have quite a bit of experience with the Neoteris IVE. Let me know what specific info you are looking for and I will be glad to assist. Just to let you know in advance, we have been very happy with it.
October 22nd, 2003, 04:05 PM
Thanks again for the input all.
Thanks for offering to answer a few questions. I am seriously considering requesting a demo, and hopefully an evaluation on my network for one of these appliances, and want to pre-qualify them a bit before I put my name in front of some bulldog-type sales people. I hope I am not asking for too much time. If so, I understand if you can't answer any/all questions.
1. If using the Secure Email Client Option, does the client have to stay connected to the IVE via their browser the entire time they have Outlook Express or Eudora open, or can they connect once, and download the plugin/whatever, then have the mail client just use the plugin whenever it wants to connect without having to leave the browser open (or even open it at all after the first session)?
2. Licensing is done by concurrent users?
3. Have you used the Secure Terminal Access Upgrade? If so, are there any issues (over and above the traditional terminal services issues) with screen refresh or other lag issues?
4. Are you authenticating to Active Directory? If so, have you tried authenticating users from a domain that has a trust relationship with the main domain you authenticate to?
5. Were you involved in the evaluation of Neoteris before purchase? If so, would you mind just giving me a brief (very brief, I don't want to take up a lot of your time) explanation of why you chose that over any of the competitors?
Thanks again for your time, I really appreciate it.
Is the portal that the user is presented with after login customizable? Logos, colors, etc?