SSL VPN Gateway Product Roundup

Article ID: 20315
Posted November 1st, 2005
in
By:
John Ghrist
By:
Mel Beckman

The Virtual Private Network (VPN) is the modern Internet's killer application, as noted in the SSL VPN technology overview ("SSL VPNs Simplify Remote User Security," below). The newest breed of VPN-enabling appliances, the SSL VPN gateway, is gathering steam in the security marketplace because network administrators find the simplicity and control these devices offer provide a welcome respite from complex Internet Protcol Security (IPSec) VPN administration. Because users need only a browser to tap into an SSL VPN, they're happy as well because this security approach is both less confusing and more reliable than IPSec tunneling.

There are four classifications of gateway product: asynchronous, hybrid, multifunction, and multifunction hybrid. The asynchronous type provides the bare minimum of SSL VPN features: HTTP and HTTPs proxy, granular access control at the IP address level, password and certificate authentication, and access accounting and audit controls. Hybrid gateways support both SSL and IPSec VPNs, helpful if you must support both technologies. A multifunction gateway adds application firewalling, enterprise portal hosting, intrusion prevention and detection, and other complimentary functions. The last category combines hybrid and multifunction feature sets for the ultimate in one-stop security shopping.

Most of these gateways are hardware products, but there are a few software versions that might entice you if you're handy with scripting languages and a screwdriver. One very intriguing option is the open-source software gateways SSL Explorer (sourceforge.net/projects/sslexplorer) and OpenVPN (openvpn.net). Both products run on Windows, Linux, and various forms of Unix. You provide the muscle to install, configure, and maintain these programs, and technical support is catch-as-you-can, but you'll undoubtedly gain a more intimate knowledge of the field by at least experimenting with one of these packages.

Beyond features, the primary price discriminator is capacity in the number of simultaneous VPN users a given product supports. Beware, however, that these limits don't presume extremely heavy traffic for every user. Most vendors treat these limits as license counts, with no guarantee that you can actually achieve full throughput for every user at one time. Ask vendors about rated bandwidth limits and compare those values with your current and projected network traffic before finalizing your product choice.

Although this product roundup is for an iSeries audience, there is nothing very iSeries-specific about VPNs, so most iSeries users won't have unique requirements when selecting a gateway; all can provide remote access to an iSeries server. As usual, the product descriptions here simply summarize or present some highlights of features available in these plug-ins. Please consult the included URLs of the vendors offering these products for more complete functional details. *

Mel Beckman is a senior technical editor for iSeries NEWS.

John Ghrist is senior products editor for iSeries NEWS.

SSL VPN Gateway Products

Asynchronous Gateways

AccessAnywhere
Caveo Technology Group
AccessAnywhere is a family of VPN appliances that integrate SSL VPN technology from Sun Microsystems' Java System Portal Server, Tarantella's Secure Remote Access thin-client software, and two-factor authentication from RSA Security. The solutions replace IPSec VPNs for secure remote access to applications on iSeries, mainframe, Linux, Unix, and Windows servers.
caveo.ca

Aventail EX-Series
Aventail Corporation
The Aventail EX-Series are two SSL VPN appliances, the EX-750 and EX-1500, which serve up to 50 or 1,000 concurrent users, respectively. The EX-1500 also provides clustering, high-availability, and integrated load-balancing features. Both models offer secure application access, end-point control, and centralized policy management.
aventail.com

Citrix Access Gateway
Citrix Systems, Inc.
Citrix Access Gateway is a universal SSL VPN appliance that combines the best features of IPSec and SSL. Its Advanced Access Control feature lets IT administrators maintain a fine degree of control of applications, files, Web content, e-mail attachments, and printing services based on user role, location, device types, device configurations, and connections. The gateway can also automatically and seamlessly reconnect users to applications and documents when they change locations and devices.
citrix.com

enKoo-1000/2000/3000
enKoo
The enKoo 1000, 2000, and 3000 series of clientless SSL VPN remote appliances provide secure communications from any Internet-connected PC to e-mail, files, and applications on remote desktops and servers. The appliances also provide 128-bit encryption, multiple levels of authentication, including one-time passwords, automatic removal of cache and temporary files on clients, a remote connection inactivity timeout, and a remote activity-logging feature.
enkoo.com

Enterprise Private Network
NetSilica, Inc.
Enterprise Private Network (EPN) provides SSL VPN services for enterprise and business partner networks. EPN integrates with multiple authentication (e.g., LDAP, Microsoft Active Directory, RADIUS, RSA ClearTrust and SecurID) and authorization systems, intranet Web applications (e.g., ActiveX Controls, HTTP/HTTPS, JavaScript, VB scripts), and e-mail systems (e.g., MS Exchange and Outlook, Lotus Notes/Domino). It features an application-aware firewall, end-device security cleanup routines, centralized browser-based administration, high-availability and failover safeguards, and configurable events and alerts.
netsilica.com

FirePass Series
F5 Networks, Inc.
The FirePass Series are SSL VPN appliances that secure remote access to enterprise applications and data via a standard Web browser. Endpoint security features prevent infected PCs, hosts, and users from connecting to corporate networks, and automatic rerouting prevents data interception by keystroke loggers and malware. The FirePass Visual Policy Editor offers an engine for creating custom template policies for users, groups, and devices via flowchart-style graphical views.
f5.com

FortiGate-5000 Series
Fortinet, Inc.
FortiGate-5000 are chassis-based modular antivirus firewalls that provide VPN services, antispam protection, bandwidth shaping, and Web content filtering. The FortiGate 5001E in particular provides enhanced VPN performance. Available in 2-, 5-, and 14-slot modules, FortiGate-5000 solutions include failover features and redundant, hot-swappable power supplies and fans to minimize single-point failures.
fortinet.com

Mykenae DNA
Mykenae
Mykenae DNA is a VPN appliance that combines network access with application-level encryption, endpoint security enforcement, security threat protection, and intrusion prevention and forensic analysis. It supports any TCP application, passive-mode File Transfer Protocol, and HTTP/HTTPS, DHTML/HTML, JavaScript and VBScript browser access. The solution also offers a choice of multiple authentication methods, enables portal-based management, and features auditing, logging, intrusion-detection, and application proxy security tools.
mykenae.com

OpenVPN
Open VPN Solutions, LLC
OpenVPN is a software SSL VPN solution that offers remote application access, site-to-site VPN capabilities, Wi-Fi security, load balancing, failover, and fine-grained access controls. OpenVPN implements OSI layer 2 or 3 secure network extension using SSL, supports flexible client authentication methods (e.g., certificates, smart cards, two-factor authentication), and lets administrators apply user- and group-specific access-control policies.
openvpn.net

Permeo Base5
Permeo Technologies, Inc.
Permeo Base5 is a software solution that provides secure, on-demand connectivity between untrusted endpoints and enterprise data resources. Base5 controls usage with data encryption, spyware and malware protection, granular data-access controls, automated session cleanup utilities, and information controls that prevent unauthorized information use (e.g., copying, printing, screen printing, saving browser-delivered information). Base5 also includes SNMP integration, high availability, integration with legacy authentication systems, and simplified deployment features.
permeo.com

PortWise mVPN
PortWise
PortWise mVPN is software that offers a secure enterprise application-access platform. Built-in automated features check user devices to ensure they comply with corporate security policy, authenticate that users are who they claim to be, determine which applications each user is authorized to access, create an encrypted network link between a user device and applications, audit application activity, and remove all traces of access to the network on session completion. Other options include single sign-on identity management.
portwise.com

SafeEnterprise SSL iGate
SafeNet, Inc.
SafeEnterprise SSL iGate is a VPN appliance that uses SSL, IPSec, and Layer 2 technology to provide secure application access to remote users and offices. Users can access core applications via any high-speed Internet connection but without requiring a VPN client or vulnerability to password hacking and other threats. Administrators can manage user changes, consolidate oversight tasks in a single management console, change access rights with just a few mouse clicks, and audit and lock down data access at the file level.
safenet-inc.com

Shiva 4102
Eicon Networks Corporation
The Shiva 4102 is a VPN gateway that provides secure remote access via SSL and uses 128-bit encryption to enable secure data transmission without the installation of clients on the remote end. Other Shiva gateway features include user authentication, free client software, a security management utility, a Web-based management interface, and a proprietary "smart tunneling" protocol that is simpler to configure than IPSec.
eicon.com

Sidewinder G2 Security Appliance
Secure Computing Corporation
The Sidewinder G2 is a clientless SSL VPN solution that can serve thousands of SSL sessions from standard browsers, provides two-factor authentication for user identities, and can apply application-defense filters to HTTP traffic. A decryption feature, protocol-anomaly detection, and other advanced HTTP filters (e.g., SOAP and XML blocking, MIME) protect assets from unauthorized access. An SSL VPN/Termination add-on module increases protection via a PCI card, and a security event analysis and reporting utility helps administrators spot problems and meet legally mandated business requirements.
securecomputing.com

SPAN
vFortress Network Security Pvt. Ltd.
The Seamless Private Application Network (SPAN) is a suite of products that lets users access networked applications over the Internet securely and without any reengineering. SPAN provides access to any application from any location at any time. Features include clientless remote access, site-to-site connectivity, wireless device access, video conferencing bridge, biometric authentication, and security for endpoints, applications, and documents.
vfortress.com

SSL-Explorer
3SP
SSL-Explorer is open-source software that provides SSL-based VPN services without any client-side software installation. Users are free to download, use, and redistribute the software. SSL-Explorer has no concurrent user restrictions, uses a Web-based Microsoft Windows file system, lets administrators configure multiple profiles for access, supports access through an HTTP proxy, and requires no dedicated hardware appliance. Other features include user authentication, support for Windows 2000 or later, Red Hat Linux 8.0 or later, and Microsoft Outlook Web Access.
sshtools.com

SSL-VPN 2000
SonicWALL, Inc.
The SSL-VPN 2000 provides enterprises of any size simple and secure remote network and application access with no preinstalled client software requirement. Using only a standard Web browser, users can access e-mail, files, intranet applications and other corporate LAN assets via a personalized Web portlet. The SSL-VPN 2000 extends secure remote access to computers and environments that aren't necessarily controlled and managed by corporate IT but enables enforcement of granular security policies for all remote users. The SSL-VPN 2000 also interfaces with other SonicWALL products to provide antivirus, antispyware, and intrusion prevention.
sonicwall.com

SR110 SSL VPN Web Security Gateway
Corrent Corporation
The SR110 SSL VPN Web Security Gateway appliance provides secure connectivity for up to 250 concurrent users. The SR110 uses Checkpoint's Connectra software to provide both Web and network access via SSL. Via an integrated Connectra portal, users can access Web applications and resources and access shared files and e-mail.
corrent.com

WatchGuard Firebox SSL VPN Gateway
WatchGuard Technologies, Inc.
The Firebox SSL VPN Gateway provides secure, universal access to up to 205 concurrent remote users. The gateway supports all protocols and applications, continuously verifies endpoint security, can traverse any firewall, and permits clientless access from anywhere via Web-enabled devices. It offers a choice of secure access client and kiosk modes, provides multiple 128- and 164-bit data encryption options, hides the IP addresses of remote networks to foil worm transmissions, and facilitates administrative application of user- and group-based access policies.
watchguard.com

Hybrid Gateways

AEP Netilla Security Platform
SmartGate
AEP Networks
The Netilla Security Platform is a suite of products that enable Web server security and remote access to server applications. The suite includes secure gateways for Citrix, Microsoft, and other network connectivity applications, VPN encryption that protects IP traffic across WANs and LANs, and protected-key utilities. SmartGate is an identity-based application-layer security gateway that lets enterprises exchange information with employees, customers, and business partners via any IP-based infrastructure.
aepsystems.com

NetScreen Secure Access
Juniper Networks, Inc.
NetScreen Secure Access is a family of five SSL VPN appliances for enterprises of varying sizes. It offers end-to-end layered security, dynamic access-privilege management capabilities based on a variety of criteria (e.g., identity, device, security control, network trust level), multiple access methods, high-availability features, and SSL acceleration and clustering options.
netscreen.com

Multifunction Gateways

Array SPX Series
Array Networks
The Array SPX Series is a family of VPN appliances that use Secure Sockets Layer (SSL) to encrypt communications. These include the SPX 2000, SPX3000, and SPX5000, which serve up to 500, 2,500, and 64,000 concurrent users, respectively, and provide a choice of authentication methods and other features. Array SPX Series boxes enable up to 100,000 concurrent SSL connections per single device, control access from the riskiest locations via endpoint security, and use connection multiplexing to maintain high performance.
arraynetworks.net

Connectra
Check Point Software Technologies, Ltd. (Nokia)
Connectra is a Web security gateway available as either hardware or software to provide communications security and protection for remote users over SSL VPNs. It features integrated application and endpoint security, simplified deployment, and flexible platform options. Connectra can force an access policy requiring antivirus software or an installed firewall on a remote client before granting a user access and offers out-of-compliance users links to self-remediation resources. The Connectra software version also self-installs on open servers.
checkpoint.com

e-Gap Remote Access Appliance
Whale Communications, Ltd.
Whale's e-Gap Remote Access Appliance is an SSL VPN that provides remote users with browser-based access to corporate applications and files from anywhere. Whale's Application Aware technology lets the VPN understand how applications work to optimize modules for custom connection to almost 40 popular enterprise applications and specialized products for Microsoft and Lotus environments. Administrators can apply multilayered, granular security policies and ensure zero footprints after providing data through Citrix to an Internet kiosk. e-Gap Remote Access also includes application-specific security tools, usability features, and integrated knowledge of how to integrate it within an enterprise network.
whalecommunications.com

VPN 3000 Series
Cisco Systems, Inc.
The VPN 3000 Series is a family of concentrators offering remote-access VPN services that use both IPSec and SSL within the Cisco Secure Desktop feature for endpoint-security protection. The VPN 3000 product line features Network Admission Control, which uses the network infrastructure to enforce security policy compliance on all devices seeking resource access, and a simple management interface for configuring and monitoring all remote-access users.
cisco.com

Multifunction/Hybrid Gateways

ASA 5500 Series
Cisco Systems, Inc.
The Cisco ASA 5500 Series is a family of multifunction security appliances offering firewall, intrusion prevention, network antivirus, and VPN services. The devices offer proactive threat protection that stops attacks before they spread across a network, provides centralized control of network activity and application traffic, and supports both IPSec and SSL technologies.
cisco.com

Clientless VPN Gateway 4400 Series
Symantec Corporation
Symantec's Clientless VPN Gateway 4400 Series is a standalone, secure, remote-access appliance that lets remote users reach corporate resources without installing remote client software. It provides portal-based access for Web-enabled applications, protects data with SSL encryption, provides centralized access-management and monitoring tools, and can scale up to 5,000 concurrent connections in load-balanced clusters. Its hardened operating system eliminates most worm, virus, and Trojan horse threats and lets administrators configure granular, policy-based user and group extranet access. It also extends secure remote access to wireless handheld devices such as smart phones and PocketPC devices.
enterprisesecurity.symantec.com

Identity-Driven Access Gateways
Caymas Systems, Inc.
Caymas' Identity-Driven Access Gateways product line consists of the Caymas 220, Caymas 318, and Caymas 525 gateways, which feature identity-based access control, integrated application security, and custom acceleration hardware. They offer a choice of access methods (e.g., IPSec, Proxy, SSL, Tunnels), automatic distribution and enforcement of access policy across all sites, identity-based logging and auditing, and scalability to thousands of users.
caymas.com

VPN Gateway 3050
Nortel Networks
The VPN Gateway 3050 is a remote-access security device that supports up to 2,000 concurrent SSL and IPSec user tunnels and hundreds of MB/second of aggregate VPN throughput. The gateways provide a suite of features to safeguard against malicious intent and user negligence. Feature options include data encryption, SSL acceleration, access privileges based on user IP address or authentication strength, clientless operation modes, and global VPN load balancing. The 3050 also supports multiple authentication methods, access auditing, clustering, and application-layer traffic-filtering capabilities.
nortel.com
Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Facebook
  • Google
  • Yahoo

ProVIP Sponsors

ProVIP Sponsors