
SonicWall SSL-VPN 2000

PCQ Bureau

SSL-VPN 2000 is a VPN solution for mid-sized organizations. The device comes in a nice silver casing and resembles a SonicWall firewall box. It has four Ethernet ports on the front of the box. All the ports can be managed separately and used for a different network or DMZ. Additionally, it has a console port for configuration using Telnet. The front of the box also has three LEDs. One of them alerts you to any impending attack or problem with the box. Its granular access control feature enables you to extend connectivity beyond your organization by providing trusted sources with remote access to your network resources.



Price: Rs 1,89,642 (1 yr warranty)

Meant For: Mid-sized Enterprises

Key Specs: Web based configuration, Web based VPN client access

Pros: Good security features

Cons: Configuration is not easy with web interface. No support for third party routers/firewalls

Contact: SonicWall India, Bangalore Tel: 9844021937 Email id: sbiswas@sonicwall.com

The device supports three network scenarios. The first two involve a setup where you have a SonicWall UTM device coupled with the SSL-VPN 2000 box, with direct (one-to-one) port forwarding. You can also use any third-party router, but it would need an option for one-to-one NATing for this to work.

Such an arrangement enables data arriving at the router on port 443 to be forwarded to the device. In the third scenario, you have the SSL-VPN running inside a sub-netted LAN. In this setup, since the box is running inside a LAN, there is no need for NATing.


We also tried to use a third-party ZyXel router to test the first two scenarios. At our first attempt, we failed. Then, we took a supporting SonicWall TZ170 router. But the configuration of the box is slightly tricky, so we had to call technicians from the company to set it up for us. One of the plus points of this box is its easy integration with external authentication servers such as Active Directory. We tried authenticating the box with a domain controller created on a Windows 2003 Server and it worked perfectly.

During tests, the product showed some negative features, such as lack of support for port-forwarded applications, ACLs on file servers and Web servers running on non-standard ports. This happened because of difficulties in configuring the box. For testing the VPN over SSL, we created a VPN connection on SonicWall and connected it on a real IP using 'one to one' NATing. On the client side, we used a 256 Kbps connection to access our test network.

From this end, we were able to see the entire test network quite easily. To test the throughput, we did some file transfers and found the performance to be good enough on a decent machine (AMD 2.0 GHz with 256 RAM). This test checks whether any load is generated on the machine while encrypting the data before transferring it.


As it supports SSL technology, which means encryption of data between both points, we ran a sniffer to capture the raw data. But the sniffer failed to decode any packets over the SSL connection. It was not able to decode even the authentication strings, which in some devices are sent in plain text.

In the security tests, the box performed admirably. We ran a slew of vulnerability assessment tools such as Nessus and Firewalk on the forwarded port where the router was sending traffic to the box. Nessus showed zero risks while Firewalk just failed to penetrate. We also tried to check whether we could capture the authentication strings of the box by running a sniffer inside the LAN, but even this failed.

SonicWall has recently entered the remote access and VPN market with some new products. To consolidate its position, it has acquired 'enKoo', which is an SSL VPN product vendor and has some good products for remote desktop, online conferencing, etc.


This merger took place in Nov 2005. So, we hope that very soon SonicWall will incorporate all the features from this product and others, and make itself friendlier with third-party vendors, eventually leading to better performance.

Bottom Line: If you are planning to buy a mid-range VPN product, then you can opt for SonicWall. But watch out for configuration issues. Most likely, you won't have the in-house expertise to configure it and so would have to take the company's help.

Anindya Roy
