SSL-VPN 4000 provides secure remote access to various sources on an
organization's network from anywhere in the world. It has a console port that
connects to an external network such as the Internet. All remote access occurs
through this port. Interestingly, there are five other Ethernet ports on the
box, which, according to SonicWall, are all reserved for future use.

There are various ways to deploy this VPN appliance. You can connect the box
to your organization's Demilitarized Zone (DMZ). You can connect it on a
different subnet on your own network. The latter option would be feasible for a
large enterprise that needs to provide secure access to branch offices connected
on its WAN.

There is no restriction on how many concurrent users can connect to the
device, but for optimal performance, SonicWall recommends 200 concurrent users.

To test the device, we connected it to a router. A machine was kept on the LAN
with file sharing enabled on it. The appliance itself supports web-based
management, which is fairly easy to use. We created a user on it, and then tried
to access the internal share from a machine connected to the router's WAN
interface. An IP range was also defined that would be assigned to external users
who connect to the internal resource. After this, all external users wanting to
connect to the internal network would first have to log in to the VPN appliance.
They have to download a small client from the appliance, which then
facilitates the login. Once this is done, future logins become easy. Once the
appliance logged our external user in, we were able to easily access the
internal share and to upload and download files on it, all through the VPN
appliance, over a secure link.

Likewise, the appliance allows external users to access other internal
resources. These could be a Web application, Outlook Web Access, a Citrix
Presentation Server, and many other sources. You could, for instance, remotely
control desktops or even servers. This can be very useful for IT managers, as
they can manage their IT infrastructure remotely.

Speaking of security, we did run our army of security benchmarks on the
appliance. It managed to withstand all of them. Our slew of tests included
Nessus, Nmap, and even a tool for attacking SSL devices, called OpenSSL-to-open.
Nessus showed zero risks and warnings, and OpenSSL-to-open also failed to
penetrate. Nmap also reported similar results.

Bottom line: With its security and good performance, this device is a good buy
for enterprises that need remote access into their networks.