Print
Discuss
Send to friend
On the face of it the EX-750 appears to be little more than another SSL VPN appliance, aimed at much the same small-business market as the Sonicwall SSL VPN 200.
However, that’s not quite the case, with a lot more inside the EX-750 to justify its higher price.
To begin with the EX-750 is from Aventail, the company that pioneered the use of SSL (Secure Socket Layer) for clientless remote Lan access. It’s also a lot more scalable than most other small-business solutions.
Up to 25 concurrent users can be supported with no loss of performance, plus there are other models that have additional load balancing and failover features built in, capable of scaling up to 2,000.
Aventail adds extra Network Access Control (Nac) functionality, too, something that’s not usually found on small-business products. Most notable is the ability to enforce so-called End Point Control (EPC) rules on Windows, Windows Mobile, Apple Mac and Linux clients to ensure that basic security prerequisites are met before allowing remote users to connect.
Effectively a small Intel-powered server, the EX-750 comes as a 1U rackmount appliance with two Ethernet ports for either single-homed or gateway setup. Initial configuration is done using either a local console or a web browser with a quick start wizard to guide you through the initial steps.
Using the wizard, it took us about 20 minutes to get the EX-750 up and running, with remote users immediately able to connect to our test Lan via a web browser portal. This gives basic access to web apps plus a web-based network browser tool.
Unfortunately that’s about as far as you can get with the wizard and there are few other concessions towards the non-technical when it comes to configuring other features. Still, the supporting documentation is very good and with a little effort there’s a lot more that can be done.
A separate web-based console is used for management, with facilities to delegate tasks and customise the portal by adding logos and changing the text displayed. Users can also be authenticated against an internal database or an external LDAP, active directory or Radius server, assigned to communities and access controls applied at a very granular level.
On Windows clients, for example, we were able to check for an active desktop firewall and anti-virus software before allowing guest access with the option of limiting users to a quarantined subnet if these and other prerequisites weren’t met.
Access can also be managed based on network addresses, access method, date and time and encryption strength. We were also able to make sure that the browser cache was cleaned and other session data removed when users logged off, although only on Windows systems.
ActiveX and Java applets are used to facilitate and control access to network applications and other resources. These can be installed on demand or downloaded from the portal or another server and pre-installed, as required. Users can be given general access or be restricted to specific applications, just as on a traditional VPN solution.
We found the Aventail X-750 quite complicated to configure and small companies looking for basic SSL VPN functionality may find it more than they need. It is, however, a comprehensive solution with clear benefits for organisations that have the technical expertise to take advantage of what it has to offer.
All Wireless
del.icio.us
Digg this
reddit!
