Secure VPN hardware options

Posted on 2009-04-10
Last Modified: 2013-11-16
Secure VPN solution

I have been supporting small local businesses for just over 5 years now in my own business, and prior to that I worked for International Paper as a network analyst. During my time with IPaper I was forced to keep all my certs updated and to continually learn new products. Since going into business for myself I have not done any of that, as most of my client base ranges from 20-40 PCs and most are single-site networks.

 The problem:

Although I went through the Cisco Network Academy and passed the CCNA back in 2001, I have not had a need to use the products on a small scale, so I really don't remember the Cisco OS and now find myself with 2 different clients needing greater VPN security.

One client has recently won a new 10-year contract that stipulates a greater degree of security, and the other client is now doing more and more work for the military and has requested greater secure access.

Currently these sites are running the Cisco/Linksys RV042 with every secure setting maxed out. I probably have about 38-40 of these routers in the field and they are really easy to work with, and although I have heard nightmares from other techs regarding this line of routers, I myself have had great success and very few returns to Linksys. And for about $145 the price is right in the clients' eyes.

Since receiving this new request today I have been looking around and hoping not to have to break out the Cisco OS books again. One option I wanted to ask you guys about is the Juniper line of routers and specifically the SA2500 SSL VPN Appliance.

Does anyone have experience with Juniper and the SA2500, and if so, how easy is it to manage?

And does anyone have another secure hardware solution that is easily managed without learning a specific OS?

Money is not a problem with both of these clients, but I would also like to have another low-cost alternative to the RV042 option that I have been using for the past 5 years.

As always, I'm indebted to all the Experts who have helped me over the years. I appreciate the effort.

My best and Happy Easter!

Question by:Magothytech1

Accepted Solution

Qlemo earned 250 total points
ID: 24121471
First of all, SSL VPNs do not allow for site-2-site VPNs. If you are after "dial-in" type VPNs with easy access, it's OK. However, I myself go nuts if a customer mentions he has one of those SSL VPN devices and we have to use the appropriate "clientless client" - it is a client admin nightmare, as it does not work in many cases.

Regarding Juniper SSL, I'm on the client side only - and refuse to use it.

I'm a Juniper SSG admin; they allow for IPSec and full security (Deep Inspection, Antivirus, Antispamming, Web filter and so on). Juniper devices in general are not cheap. The WebUI can be used in 99% of the cases; there are some commands which can only be applied via CLI, but they are general configuration commands not needed in most cases.
What might be important in relation to military services is that Juniper ScreenOS allows for a FIPS mode, which restricts the settings to a high-security subset.

However, although you do not have to learn the ScreenOS CLI language, you do have to learn something about the concepts it relies on. No big deal.

There are a lot of different opinions about the different devices on the market, as you have seen already with the RV042, and the same goes for ease of management. Just to recall the "big 5": WatchGuard, SonicWall, Juniper, Cisco (ASA/PIX), FortiGate.

Assisted Solution

ccomley earned 250 total points
ID: 24122464
Can't vouch for (or against) the Juniper.

The Sonicwall SSL-VPN appliances are pretty straightforward to get to grips with. Nice web based GUI, nothing like Cisco IOS to learn and shudder over.

Not clear what you're trying to do though - you SHOULD be aware of the limitations of SSL-VPN. It's intended for remote users accessing host site services. As such it's a great deal easier than pre-loading the remote users' machines with IPSec client software, configuring that to match the host, etc.

BUT if what you want is full site-to-site VPN so Site A network is fully connected to Site B network, SSL-VPN is not your man. You need to look at IPSec for that.

And I'd still look at Sonicwall, as it's pretty straightforward to both set up and monitor/manage multiple concurrent site-to-site VPNs.

If you're talking about dozens of remote sites accessing one central site, the central site unit needs to be pretty beefy (NSA240 say) but the remote sites can have units sized appropriately, e.g. a site with only two or three users need only take a TZ150, while a site with 50 users still only needs a TZ190 or TZ210 unit.


Author Comment

ID: 24136103
Thank you both... I will look into the Sonicwall line. I had a bad experience long ago with their tech support when dealing with a router issue: we were hung up on, not once but twice!

Hopefully things have changed and they may be our solution.

Expert Comment

ID: 24163456
If support was a nightmare twice (!), you should honestly consider Juniper. They are helpful, and proud of it. Tech support IS required on complex issues, so this is an important point.

Expert Comment

ID: 24209276
I would like to add in my bad experiences with Sonicwall devices. They are a real pain to use and oftentimes have weird quirks about them. We have 3 of them in a test network here and we get issues with passing traffic across them very often. They are being replaced by Cisco security devices in the near future for this reason. Also, their lack of helpful support hasn't changed much at all.

If you do not want Cisco then I also suggest going with a Juniper solution.  They are pretty robust and not too hard to configure and they do their job well.

Expert Comment

ID: 24212881
Shouldn't you have split points between all contributors?

Author Comment

ID: 24235969
The Sonic Wall answer was what we were looking for. After reviewing your option and then considering the pricing differences, we were about to place an order for Sonic Wall and then received this review. We don't believe that in our network environment Juniper is the solution.

We never received anything we really needed or a viable from the group, and when being pressured to "Close Open Questions" I looked at the only answer that actually helped us in any way.

Now if you are urging me to answer in some other fashion, other than the one that actually helped us, then please let me know how you'd like me to divide and then provide the exact point values to each solution and I'll gladly post accordingly.

Make it a good day!


Question has a verified solution.
