Results 1 to 8 of 8

Thread: SSL VPN appliances

  1. #1
    Senior Member
    Join Date
    Jul 2001
    Posts
    461

    SSL VPN appliances

    Has anyone here used or evaluated any SSL VPN appliances such as the Nortel Alteo, or products available from safeweb(now owned by symantec) or Neoteris(now owned by netscreen I think)?

    I am beginning to evaluate some of these solutions to fill certain needs at work, and was just hoping someone could give me some first hand opinions. I can(and have) certainly search google for as much information and reveiws as I could possibly want, but am looking for some knowledgeable non journalist opinions.

    As far as applications go, we would be fairly straightforward, securing web based email, web based phone system access(change voicemail settings, and listen to voice mail from a site built into an NBX), access to personal files for a certain number of users(not all by far), web based timecards, an intranet with access to any number of different things which we have coded ourselves all browser based stuff though, perhaps terminal access for some users(applicable models only of course), citrix nfuse(for some users perhaps) and maybe a few other things which I cannot think of at the moment. Every thing is a standard type app, nothing out of the ordinary except for our intranet, which is all just browser based anyway.

    Getting all of these different apps secured seperately, and maintaining all the different firewall rules, vpn setups, etc. is starting to become a major hassle. A single point of entry to all these different apps would be very very nice, and several of the ssl vpn appliances out there claim to do just what we need.

    So, any real experience??????


    Thanks,

    IchNiSan

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    115
    if you're talking about straight ssl acceleration, check out bigip ecommerce package, or the 1000 series box. i also evaluated rainbox technologies ssl accelerator card for the server (cheaper solution) but overall, it comes down to how much you want to spend as well as scalability, etc... the most important thing is to identify how many transaction you're going to have through ssl, most ot the time vendor is going to throw out some large n tps, etc...

    --w0rm3y

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Thanks worm3y but I am definitely not looking for ssl acceleration. The devices I am looking at are sort of a reverse proxy server appliance, with ssl which authenticates to an external source(ldap or active directory), but provide a bit more than a straight reverse proxy with ssl.

    some examples

    http://www.safeweb.com
    http://www.neoteris.com
    http://www.nortelnetworks.com/produc...alteon/sslvpn/

    these devices provide access to internal apps, through a web browser with ssl, instead of through client software ipsec vpn.

    thanks again.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Another one is Aventails EX-1500 . I have used it and it is very good.

    Nokia I believe also have a VPN solution, but I havnt looked into it with any great depth. Here is a quick link to their VPN Page .
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    great, I will check it out,

    If anyone is interested in an article about the pros/cons of these systems as opposed to straight ipsec vpn here is a pretty good article.

    http://infosecuritymag.techtarget.co..._art83,00.html

    I read that one earlier, but it doesn't want to respond for me right now.... hopefully others here will have better luck.

    Thanks SoggyBottom

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I've seen demos of a product called Netilla. You might want to check that out to.

    http://www.netilla.com/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I have quite a bit of experience with the Neoteris IVE. let me know what specific info you are looking for and I will be glad to assist. Just to let you know in advance, we have been very happy with it.

  8. #8
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Thanks again for the input all.

    iNViCTuS,

    Thanks for offering to answer a few questions, I am seriously considering requesting a demo, and hopefully an evaluation on my network for one of these appliances, and want to pre qualify them a bit before I put my name in front of some bulldog type sales people. I hope I am not asking for too much time. If so, I understand if you can't answer any/all questions.

    1. If using the Secure Email Client Option, does the client have to stay connected to the IVE via their browser the entire time they have Outlook Express or Eudora open, or can they connect once, and download the plugin/whatever, then have the mail client just use the plugin whenever it wants to connect without having to leave the browser open(or even open it at all after the first session)?

    2. Licensing is done by concurrent users?

    3. Have you used the Secure Terminal Access Upgrade? If so, are there any issues(over and above the traditional terminal services issues) with screen refresh or other lag issues?

    4. Are you authenticating to Active Directory? If so, have you tried authenticating users from a domain that has a trust relationship with the main domain you authenticate to?

    5. Were you involved in the evaluation of Neoteris, before purchase? If so, would you mind just giving me a brief(very brief I dont want to take up a lot of your time) explanation of why you chose that over any of the competitors?

    Thanks again for your time, I really appreciate it.

    EDIT:

    One more...

    Is the portal that the user is presented with after login customizable? Logos, colors, etc?

    Thanks,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •