Rainbow's SSL VPN is a good start
iGate has the basics but lacks some enterprise-level functions of its competition
Like most other SSL appliances, the iGate uses application proxies to secure both inbound and outbound HTTP traffic and to intermediate the data stream, rewriting the HTML on the fly to help obscure internal host names. You can use SSL to secure traffic not only between client and iGate, but also between iGate and server resources. HTTP compression is also available to help increase performance.
Missing from this release of the iGate is an IPSec-style tunnel. You do not have the ability to open a tunnel directly into your network. For power users or those who need UDP (User Datagram Protocol) support, this level of access is critical. Also missing is a browser cache cleanup utility and a client application verification control. The cache cleaner purges temporary files left in your browser’s cache when you log off, and the application checker looks to see what processes are running on your client to determine if your PC is a security risk or not. The cache cleaner should be available by the time this publishes, and the other features should be available in a software update due out in July.
Resources are defined in the iGate using the concept of sites and connectors. A site is made up of a group of Web apps and their associated SSL tunnel connections, called a VPX. You do have a lot of control over each site definition, such as the type of authentication required, the SSL cipher to use, whether or not to enable compression (on the HTML stream) and the level of logging to use. Site definition is the strongest part of the iGate system.
For user authentication, the iGate can use RADIUS, Active Directory, LDAP, an internal database, Rainbow USB tokens, and SecureID, with support for client certificates coming in mid-April. There is also support for connecting to any ODBC-compliant database for custom user lists.
The Rainbow NetSwift iGate is a well-rounded performer that will improve as new features are added, which should happen this month. I would love to see the user and device management incorporated into a single user interface to reduce jumping between platforms.
When the IPSec-style tunnel, cache cleaning and host checking technologies are all available, the iGate will gain on the SSL VPN front-runners.