SSL VPNs come of age
We see how six leading appliances measure up to one another and to IPSec
The NSP’s layer 3 tunnel is deployed as an ActiveX control, so layer 3 support is available only for Windows clients. This shortcoming is mitigated somewhat by the fact that the NSP handles thin-client access, such as to terminal servers or “green-screen” legacy hosts, differently from any other appliance in this roundup. It uses Java client software and a proprietary protocol to connect the remote user to built-in proxy server software from Tarantella. The Tarantella server then makes the connection to the protected resource. This extra layer between client and server proxies all inbound traffic, regardless of its method of transport.
Also new to this release is support for Sygate’s On-Demand end-point policy enforcement software, which AEP Networks offers at additional cost. Client integrity scans can take place before and after authentication, and each realm can have its own specific host policy. The more advanced Sygate features are available only to clients on the Windows platform, but its cache-cleaning component will erase temporary files, cookies, and other session information for any Java-compatible browser.
When compared with those of other appliances, the NSP’s user interface is plain but easy to navigate. It still forces you to do some UI “link hopping” to create your realms, user authentication, and application definitions, but it could be worse. When I became comfortable with the UI’s organization, I had little trouble modifying or adding new applications and realms, although the NSP’s policy granularity is not as fine as that of some other products.
The NSP also has good internal logging and reporting capabilities, but it isn’t the best of the bunch in this regard. As do all the products in this roundup, the NSP supports both SNMP and Syslog logging. In addition, the NSP offers internally generated HTML graphs of basic system statistics.
Array Networks SPX3000
When I first reviewed Array Networks’ SSL VPN, I thought it needed to improve a bit to be a real player. In the past year, Array has enhanced its product through the inclusion of a layer 3 tunnel, site virtualization, and client-side host checking.