SonicWall SSL-VPN 2000

CIOL Bureau


Anindya Roy



SSL-VPN 2000 is a VPN solution for mid-sized organizations. The device comes
in a nice silver casing and resembles a SonicWall firewall box. It has
four Ethernet ports on the front of the box. All the ports can be managed
separately and used for a different network or DMZ. Additionally, it has a
console port for configuration using Telnet. The front of the box also has three
LEDs. One of them alerts you to any impending attack or problem with the box.
Its granular access control feature enables you to broaden connectivity beyond
the domains of your organization by providing trusted sources with remote access
to your network resources.

The device supports three network scenarios. The first two include a setup where you
have a SonicWall UTM device, coupled with the SSL-VPN 2000 box, with direct (one-to-one)
port forwarding. You can also use any third-party router, but it would need
an option for one-to-one NAT for this to work.


Such an arrangement enables data coming to the router on port 443 to be forwarded to
the device. In the third scenario, you have the SSL-VPN running inside a
subnetted LAN. In this setup, since the box is running inside a LAN, there is
no need for NAT.

We also tried to use a third-party ZyXel router to test the first two scenarios. At
our first attempt, we failed. Then, we took a supporting SonicWall TZ170
router. But the configuration of the box is slightly tricky, so we had to call
technicians from the company to set it up for us. One of the plus points of
this box is its easy integration with external authentication servers such as
Active Directory. We tried authenticating the box against a domain controller
created on a Windows 2003 Server and it worked perfectly.


During tests, the product showed some negative features such as lack of support
for port-forwarded applications, ACLs on file servers and Web servers running on
non-standard ports. This happened because of difficulties in configuring the
box. For testing the VPN over SSL, we created a VPN connection on SonicWall and
connected it on a real IP using one-to-one NAT. On the client side, we used
a 256 Kbps connection to access our test network.


From this end, we were able to see the entire test network quite easily. To test the
throughput, we did some file transfers and found the performance to be good
enough on a decent machine (AMD 2.0 GHz with 256 RAM). This test checks whether
encrypting the data before transfer generates any load on the machine.

Since the device uses SSL, which encrypts data between both endpoints, we
ran a sniffer to capture the raw data. But the sniffer failed to decode any
packets over the SSL connection. It was not able to decode even the
authentication strings, which in some devices are sent in plain text.


In the security tests, the box performed admirably. We ran a slew of vulnerability
assessment tools such as Nessus and Firewalk on the forwarded port where the
router was sending traffic to the box. Nessus showed zero risks while Firewalk
just failed to penetrate. We also tried to check whether we could capture the
authentication strings of the box by running a sniffer inside the LAN, but
even this failed.


SonicWall has recently entered the remote access and VPN market with some new
products. To consolidate its position, it has acquired 'enKoo,' which is an SSL
VPN product vendor and has some good products on remote desktop, online
conferencing, etc.

This merger took place in Nov 2005. So, we hope that very soon SonicWall will
incorporate all the features from this product and others, and make itself
friendlier with third-party vendors, eventually leading to better performance.



Bottom Line:
If you are planning to buy a mid-range VPN product, then you can opt for SonicWall.
But watch out for configuration issues. Most likely, you won't have the in-house
expertise to configure it and so would have to take the company's help.


Price:

Rs 1,89,642 (1 yr warranty)


Meant For:

Mid-sized Enterprises



Key Specs:

Web based configuration, Web based VPN client access


Pros:

Good security features


Cons:

Configuration is not easy with the web interface. No support for third-party
routers/firewalls



Contact:

SonicWall India, Bangalore Tel: 9844021937 Email id:

sbiswas@sonicwall.com