F5 Networks makes SSL VPNs easy
Updated FirePass 1000 makes browser-based remote access to apps a snap
Every year more employees work from remote offices or from home. And every year, IT spends more time supporting remote access to corporate applications. One reason for the time drain is that IPSec, the standard VPN encryption standard, can be difficult to configure, even with the improvements made in Windows XP.
The new alternative are SSL VPNs, which use the SSL Web server standard instead of IPSec. With SSL, a browser provides direct access to applications and the network, with no complex setup.
The F5 Networks FirePass family consists of the 1000 model, reviewed here, and the recently announced 4100 model, which has additional enterprise features such as hardware SSL acceleration. They both provide easy setup of enterprise applications -- from e-mail and accounting applications to X-Windows applications and file and print services -- for secure access through a browser.
Since we reviewed it last December, the FirePass 1000 has boosted functionality, including better presentation of applications, more flexible policies, and more granular management. In addition, it now provides PDA accessibility and has a Citrix MetaFrame portal.
Simple SSL Setup
Providing SSL access to a single application, especially if it's Web-enabled, is relatively simple. But providing SSL access to many apps that aren't Web enabled is another matter entirely. Presenting the application interface in a browser window is a challenge, one that the FirePass overcomes handily.
Running applications through the FirePass, using the ActiveX control, is no more difficult than running them from a Windows server. I was able to quickly and easily set up access to files, printers, and a wide variety of applications though the Web portal. I could access those applications from browsers on a variety of Windows, Linux, Macintosh, and even Pocket PC systems, with little effort or configuration required on the client side.
The FirePass can be configured to automatically download the required ActiveX or Java remote-access component to a user's browser, and to automatically clean up the browser and client system afterward, removing links, history, temp files, and more. For systems that have ActiveX disabled, the FirePass Java client puts a Java wrapper around ActiveX, so browsers with Java enabled will provide the same level of functionality as those with ActiveX.
Security is excellent throughout the system. You may enter passwords by clicking on a virtual keyboard with the mouse, making it impossible for keystroke loggers, screen-capture routines, or other spyware to collect characters. The Policy Engine will check to ensure that virus scanners or other security applications are installed before allowing access to your apps. It can ensure that necessary service packs have been installed, or look for spyware.
Policy Engine can also offer access to a restricted network to download any necessary patches or applications and can restrict access if the ActiveX client isn't loaded. The system protects apps, watching for buffer overflow attacks, SQL command injection, and other application-layer attacks, as well as stripping viruses and worms from e-mail attachments.