A whole lot more than a firewall
Caymas Access Gateway packs SSL, IPSec, and manageable, multilayered security into a single box
In a landscape already cluttered by secure, managed remote-access solutions, Caymas Systems’ Caymas 525 Identity-Driven Access Gateway further blurs the lines between application firewall, end-point access control, and remote-application portal.
The Caymas 525 provides supergranular control of protected resources and a comprehensive app-layer firewall that goes beyond simple HTTP analysis. End-point policy management is among the best out there, featuring an easy-to-use policy tool and support for Sygate On-Demand, but unfortunately, it’s available only for remote Windows users.
I was really impressed with the capabilities built into the Caymas 525. I installed the 2U appliance in my lab and tested it against the same authentication servers and resources I used in my Feb. 7 roundup of six SSL VPNs. I set up the Caymas 525 without any major hassles; within an hour, I had published various resources on the 525’s portal page and had set up authentication using my local Active Directory server.
The administration UI is a pure Java application, and it allows for delegated administration. As do many Java-based applications, the Caymas Management System took a little time to load up, but when running, it performed flawlessly. Caymas’ engineers did a great job on the layout and functionality of the UI.
All resources, all the time
Caymas has built a near-perfect security gateway. Regardless of whether a user is inside or outside the network boundary, the Caymas 525 provides finely metered, manageable access control. Its use of ASICs and FPGAs (field-programmable gate arrays) offload many tasks normally handled by software and CPU, yielding higher throughput and greater capacity. Two ASICs handle the cryptographic functions and two FPGAs manage packet-flow processing and policy enforcement.
Included support for various Web and TCP/IP applications is first-rate. Caymas’ access-control policies are based on various network services, and the appliance comes with one of the most extensive lists of predefined services I’ve ever seen. From CIFS to POP3 to VNC (Virtual Network Computing), nearly every popular network service is built-in, and if one is missing, it’s easy enough to create a new service definition.
Every aspect of the connection -- SSO (single sign-on), cookie, and URL signing, for instance -- can be defined to meet the security and access needs for the enterprise. As do other gateways, the Caymas 525 supports browser-based file access and WebDAV access.
One thing I did find odd is that, for some Web applications, including OWA (Outlook Web Access), I had to create two Web application definitions, one of them being “hidden.” The hidden definition was necessary to provide access to Microsoft Exchange Web folders not necessarily located in the default Exchange location. Other SSL appliances don’t require this extra step, handling OWA cleanly with a single definition.
Caymas comes with an SSL-protected layer 3 tunnel named Secure Connect and support for client-to-server IPSec and site-to-site IPSec VPNs. Secure Connect handles DHCP for remote clients, and it will force the client to request a new key based on either time or amount of data transferred. It does not, however, allow for multiple network or DHCP definitions.