Recommendations for SSL VPN Appliance?

We've got two VPN solutions we're looking to consolidate and refresh on.  One is Nortel Contivity IPSEC VPN - a 2600 and 1600.  Most of the company (1000 users) uses it with a Contivity client.

Other one is V One Smartgate (now AEP) - which is sort of a reverse proxy VPN which also requires a client - but can do access control lists and tunnel via 443.  It's server based.

Desires:

Consolidate onto standardized appliance platform with 2 appliances at main site, 1 in a lab, 1 at DR site.  All 4 to be sized the same.  Desire SSL VPN capability with minimal client - or java/activeX client download once which can either be deleted or left in place.  Also need IPSEC capabilities - namely branch office tunnel capability.

Recommendations?
pseudocyber Asked:
 
jabiii Commented:
I would NOT use Caymas for sure. I did a comparison of the Caymas products vs the F5 and the Juniper and the Caymas didn't hold a candle, even though their reps were telling us how they were the best/first etc. in the SSL field. That was not the case.  However, the Juniper and F5 were both very good.


but you might want to look at these
AEP - Networks Netilla Security Platform http://www.aepnetworks.com/products/ssl_vpn/nsp/overview.htm?brl
Array Networks - SPX5000 http://www.arraynetworks.net/products/SPX5000.asp?brl
Aventail - EX-1500 http://www.aventail.com/products/appliances/ex_1500.asp?brl
CheckPoint - Connectra http://www.checkpoint.com/products/connectra/index.html?brl
F5 Networks - FirePass 4140 http://www.f5.com/products/FirePass/?brl
Fortinet - Fortigate 3600 http://www.fortinet.com/doc/FGT3600DS.pdf?brl
Juniper Networks - Secure Access SSL VPN Appliance 6000 http://www.juniper.net/products/ssl/
Nokia - Secure Access System 500s http://www.nokiausa.com/business/security/1,8189,vpn,00.html
Nortel - VPN Gateway 3070 http://products.nortel.com/go/product_content.jsp?parId=0&segId=0&catId=-9460&prod_id=53021&locale=en-US
SonicWall - SSL-VPN 2000 http://www.sonicwall.com/products/ssl-vpn2000.html?brl


here are some reviews
Independent reviews -
http://sslvpn.breakawaymg.com/sslvpn/product_reviews.php
http://mediaproducts.gartner.com/reprints/juniper/article2/article2.html
http://www.networkworld.com/best/2006/022706security-infrastructure.html (Many)
http://www.networkworld.com/reviews/2005/121905-ssl-test-intro.html (11)
http://www.infoworld.com/article/06/02/03/74831_06TCsslvpn_1.html (FirePass vs. Aventail)
0
 
BLipman Commented:
If you definitely want SSL over IPSec then check this out:

http://www.citrix.com/English/ps2/products/product.asp?contentID=15005

I do tons of work with Citrix and their other products; this is one I have always wanted to try.  Citrix is a market leader in Server Based Computing, secure remote access, and whatnot.
0
 
pseudocyber (Author) Commented:
We have Citrix servers here already.  Is this different than "standard citrix"?
0
 
BLipman Commented:
---This is an appliance that is more for policy based protocol filtering I think; here is a blurb from Citrix:

The best SSL VPN to use with Citrix Presentation Server
Citrix Access Gateway can be deployed with or without Citrix Presentation Server™. Customers using Presentation Server can deploy the Access Gateway to emulate the secure gateway feature, allowing direct connection from Presentation Server clients. Using the Access Gateway with Citrix Presentation Server delivers the benefits of a hardened appliance-based universal SSL VPN, increasing security and extending user access.

Enhance SmartAccess to Citrix Presentation Server by delivering advanced policy-based control of Presentation server applications and individual features, such as print and save. SmoothRoaming™ enhancements allow users to move seamlessly between access scenarios and devices, automatically adapting access to the configuration policy settings.

---Here is some info from their FAQ:

How is the Access Gateway different from other SSL VPNs in the market?
 
A: The Citrix® Access Gateway provides users and IT administrators with all of the advantages of both IPSec VPNs and SSL VPNs, and none of the shortcomings.  This means users do not have to think about starting, stopping, reconnecting or different modes, and administrators do not face the significant IT burden of a typical SSL VPN deployment.
SSL VPNs use a complex and confusing mixture of four essentially inoperable technologies — Web proxying, application translation, port forwarding and network extension — to attempt to accomplish secure remote access.  However, because each of these technologies has different benefits and limitations, the administrator and user must decide which technology to configure and use in different situations.  This leads to a great deal of complexity, maintenance and management.  In addition, many organizations continue to maintain an IPSec VPN deployment for applications that are not supported by any of the four SSL VPN technologies, further increasing the administrative burden and costs.  

In contrast, the Access Gateway combines into a single product the functionality of all four SSL VPN technologies and the benefits of IPSec VPNs as well, simplifying secure remote access for both administrators and users without compromising security.
 
0
 
uberpoop Commented:
Before you go saying 'the best SSL VPN is XXX'.... you really must check out Caymas products...
www.caymas.com
They rock.
I have installed these in various types of places (gov agencies, ecommerce companies, banks, etc) and everyone loves them...
True simple SSL VPN, with superb accounting capabilities (because you want to know what the users are doing, and prove it)...

Also easily integrates with Radius, Active Directory, RSA keys, etc etc...

And as far as security, trust me.... several gov agencies you never hear about in the news are running Caymas boxes...

They used to have a FREE TRIAL program...
where the engineer would bring a Caymas box, install it, set it up with you, and leave it for a month...
I never had a company not buy it.


Oh also, does java/activex... also does IPsec for tunnels to branch sites.
Really a great appliance all the way around.
0
 
pseudocyber (Author) Commented:
Thanks guys.  Sorry for forgetting about this question.
0
 
jabiii Commented:
no sweat Pseudo :)
0
Question has a verified solution.
