ZyXel pushes secure remote access for all
ZyWall delivers enterprise-level SSL VPN features to small to midsize businesses
Remote access is a necessity for today's businesses, whether it's for getting at data and apps from a remote office or from the living room sofa after hours. SSL VPNs help provide that access securely and easily through the ubiquitous Web browser without requiring a "fat" software client on the remote PC. And now SSL VPN vendors are finally bringing feature-rich clientless remote-access solutions to the little folks, small and midsize companies, at a price low enough for everyone to afford.
Among these solutions aimed at SMBs is the ZyXel ZyWall SSL 10 VPN appliance. The box delivers access to a variety of applications, plus it can connect to various authentication schemes. Moreover, it can check endpoints for compliance before allowing clients network access. The product sports a Java-based client engine, thus leveraging Java's wide availability on all platforms – but not without the language's notorious performance penalty.
Notably, admins can allow secure entry to Microsoft's Outlook Web Access through ZyWall using the predefined OWA application type. This is important because OWA does strange things to the rendered page, and not all SSL VPN appliances – big or small – handle it correctly.
Like the big guys, ZyWall allows remote access to non-Web applications, a feature I really appreciate. Upon successful login to the appliance, a Java applet is pushed down to the client. This client redirects connections to the local loopback addresses (such as 127.0.0.3), sending them to the appliance and on to the application.
For example, I created policies that let me access Microsoft Terminal Services using Remote Desktop Connection from my Windows XP Pro client. I then connected to the loopback address specified by the Java client and was able to link up to the service. Higher-end SSL appliances, such as offerings from Aventail and F5, are more transparent to end users – they don't have to connect to the loopback address – but they're much more expensive.
Another nice feature: ZyWall can access file shares on both Windows and Linux servers from within a Web browser. I was able to create multiple links in the appliance's portal page to various shares on both platforms without too much trouble. I did, however, find that connecting to shares on a Windows Server 2003 domain controller brought up some problems. I was not able to authenticate to my server unless I disabled Server Message Block signing in the server's domain controller security policy. Not a problem on small networks, but it requires a little policy fiddling to make it work. I had no issues with shares on Windows XP or Windows 2000 Server.