

Recommendations for SSL VPN Appliance?

Posted on 2006-04-13
Medium Priority
Last Modified: 2012-06-27
We've got two VPN solutions we're looking to consolidate and refresh on.  One is Nortel Contivity IPSEC VPN - a 2600 and 1600.  Most of the company (1000 users) uses it with a Contivity client.

Other one is V One Smartgate (now AEP) - which is sort of a reverse proxy VPN which also requires a client - but can do access control lists and tunnel via 443.  It's server based.


Consolidate onto standardized appliance platform with 2 appliances at main site, 1 in a lab, 1 at DR site.  All 4 to be sized the same.  Desire SSL VPN capability with minimal client - or java/activeX client download once which can either be deleted or left in place.  Also need IPSEC capabilities - namely branch office tunnel capability.

Question by:pseudocyber
LVL 19

Expert Comment

ID: 16446357
If you definitely want SSL over IPSec then check this out:


I do tons of work with Citrix and their other products; this is one I have always wanted to try.  Citrix is a market leader in Server Based Computing, secure remote access, and whatnot.
LVL 27

Author Comment

ID: 16446440
We have Citrix servers here already.  Is this different than "standard citrix"?
LVL 19

Assisted Solution

BLipman earned 600 total points
ID: 16447154
---This is an appliance that is more for policy based protocol filtering I think; here is a blurb from Citrix:

The best SSL VPN to use with Citrix Presentation Server
Citrix Access Gateway can be deployed with or without Citrix Presentation Server™. Customers using Presentation Server can deploy the Access Gateway to emulate the secure gateway feature, allowing direct connection from Presentation Server clients. Using the Access Gateway with Citrix Presentation Server delivers the benefits of a hardened appliance-based universal SSL VPN, increasing security and extending user access.

Enhance SmartAccess to Citrix Presentation Server by delivering advanced policy-based control of Presentation server applications and individual features, such as print and save. SmoothRoaming™ enhancements allow users to move seamlessly between access scenarios and devices, automatically adapting access to the configuration policy settings.

---Here is some info from their FAQ:

How is the Access Gateway different from other SSL VPNs in the market?
A: The Citrix® Access Gateway provides users and IT administrators with all of the advantages of both IPSec VPNs and SSL VPNs, and none of the shortcomings.  This means users do not have to think about starting, stopping, reconnecting or different modes, and administrators do not face the significant IT burden of a typical SSL VPN deployment.
SSL VPNs use a complex and confusing mixture of four essentially inoperable technologies — Web proxying, application translation, port forwarding and network extension — to attempt to accomplish secure remote access.  However, because each of these technologies has different benefits and limitations, the administrator and user must decide which technology to configure and use in different situations.  This leads to a great deal of complexity, maintenance and management.  In addition, many organizations continue to maintain an IPSec VPN deployment for applications that are not supported by any of the four SSL VPN technologies, further increasing the administrative burden and costs.  

In contrast, the Access Gateway combines into a single product the functionality of all four SSL VPN technologies and the benefits of IPSec VPNs as well, simplifying secure remote access for both administrators and users without compromising security.


Assisted Solution

uberpoop earned 600 total points
ID: 16450452
Before you go saying 'the best SSL VPN is XXX'.... you really must check out Caymas products...
They rock.
I have installed these in various types of places (gov agencies, ecommerce companies, banks, etc) and everyone loves them...
True simple SSL VPN, with superb accounting capabilities (because you want to know what the users are doing, and prove it)...

Also easily integrates with Radius, Active Directory, RSA keys, etc etc...

And as far as security, trust me.... several gov agencies you never hear about in the news are running Caymas boxes...

They used to have a FREE TRIAL program...
where the engineer would bring a Caymas box, install it, set it up with you, and leave it for a month...
I never had a company not buy it.

Oh also, does java/activex... also does do IPsec for tunnel to branch sites.
Really a great appliance all the way around.

Accepted Solution

jabiii earned 800 total points
ID: 16520621
I would NOT use Caymas for sure. I did a comparison of the Caymas products vs the F5 and the Juniper, and the Caymas didn't hold a candle, even though their reps were telling us how they were the best/first etc. in the SSL field. That was not the case.  However, the Juniper and F5 were both very good.

But you might want to look at these:
AEP - Networks Netilla Security Platform http://www.aepnetworks.com/products/ssl_vpn/nsp/overview.htm?brl
Array Networks - SPX5000 http://www.arraynetworks.net/products/SPX5000.asp?brl
Aventail - EX-1500 http://www.aventail.com/products/appliances/ex_1500.asp?brl
CheckPoint - Connectra http://www.checkpoint.com/products/connectra/index.html?brl
F5 Networks - FirePass 4140 http://www.f5.com/products/FirePass/?brl
Fortinet - Fortigate 3600 http://www.fortinet.com/doc/FGT3600DS.pdf?brl
Juniper Networks - Secure Access SSL VPN Appliance 6000 http://www.juniper.net/products/ssl/
Nokia - Secure Access System 500s http://www.nokiausa.com/business/security/1,8189,vpn,00.html
Nortel - VPN Gateway 3070 http://products.nortel.com/go/product_content.jsp?parId=0&segId=0&catId=-9460&prod_id=53021&locale=en-US
SonicWall - SSL-VPN 2000 http://www.sonicwall.com/products/ssl-vpn2000.html?brl

Here are some independent reviews:
http://www.networkworld.com/best/2006/022706security-infrastructure.html (Many)
http://www.networkworld.com/reviews/2005/121905-ssl-test-intro.html (11)
http://www.infoworld.com/article/06/02/03/74831_06TCsslvpn_1.html (FirePass vs. Aventail)
LVL 27

Author Comment

ID: 16841226
Thanks guys.  Sorry for forgetting about this question.

Expert Comment

ID: 16843695
no sweat Pseudo :)


Question has a verified solution.
