SonicWALL SSL-VPN 2000

SSL-VPNs offer a compelling solution for providing secure remote access to network resources, and are easier to implement and manage than traditional IPsec VPNs - mobile workers just require a standard web browser as opposed to complex client utilities.

SonicWALL moves into this market with three appliances. The SSL-VPN 2000 on review is aimed at businesses with up to 500 employees. It offers a reasonably powerful hardware package but, although there are no user limitations, SonicWALL recommends it handles no more than 50 concurrent connections. Unlike Billion's BiGuard S10 (web ID: 100213), it doesn't offer any firewalling capabilities, designed to sit behind an existing firewall and control access to services placed in a DMZ or a separate subnet on the LAN. It offers four Fast Ethernet ports, but only the first can terminate SSL-VPN sessions. Consequently, its management interface can only be accessed from a system connected to this port.

For testing, we placed some XP systems on the first port to act as remote clients and connected the second port to our LAN where our application servers resided. The web interface is easy to use. You start by defining addresses for each port, default routes to the remote networks and, if required, static routes as well. For user authentication, you can use the internal database, but, as with other SSL-VPN appliances, there's also support for NT domain, AD, RADIUS and LDAP authentication.

You define what services you want to make available by creating network objects. Each can define all services, or you can choose from HTTP, HTTPS, RDP, VNC, FTP and file shares. A new feature is the Citrix portal, which replaces the ICA client with a Java app that's downloaded on demand. Single IP addresses or IP networks are assigned to each object and you can have multiple entries for each one. Policies fine-tune access to network resources and act at the global, group and user levels.

When a user authenticates to the appliance, they're presented with SonicWALL's customisable Virtual Office portal, which provides access to the NetExtender client utility, file sharing and any bookmarks their policy allows them to see. NetExtender transparently pushes an ActiveX thin client to their system to create an encrypted tunnel over PPP, and during this process they get an IP address from the pool associated with their policy.

During testing, we had no problems with the appliance, and were able to create and remotely access services on our LAN including FTP, remote desktop, file sharing and web servers. Bookmarks are a useful aid for users, as these are placed on their personnel portal for quick access to remote services, and we could create ones with a file path that linked only to specific applications.

SonicWALL shows precisely why SSL-VPNs are the best bet for providing secure remote access to mobile workers. The SSL-VPN 2000 is simple to deploy, doesn't cost a fortune and offers a very good range of functions for the price.

Author: Dave Mitchell