Learn how to a build a cloud-first strategyRegister Now


Secure VPN hardware options

Posted on 2009-04-10
Medium Priority
Last Modified: 2013-11-16
Secure VPN solution

 I have been supporting small local business for just over 5 years now in my own business and prior to that I work for International Paper as a network Analyst. During my time with IPaper I was forced to keep all my certs updated and to continually learn new products, since going into business for myself I have not done any of that as most of my client base ranges from 20-40 PCs and most are single-site networks.

 The problem:

 Although I went through the Cisco Network Academy  and passed the CCNA back in 2001
I have not had a need to use the products on a small scale, so I really dont remember the Cisco OS and now find myself with 2 different clients needing greater VPN security.

 One client has recently won a new 10-year contract that stipulates a greater degree of security and the other client is now doing more and more work for the military and has requested greater sure access.

 Currently these site are running the Cisco/Linksys RV042 with everything secure setting maxed out. I probally have about 38-40 of these router in the field and they are really easy to work with and although I have heard nightmares from other techs regarding this line of routers, I myself have had great success and very few returns to Linksys. And for about $145 the price id right in the clients eyes.

Since receiving this new request today I have been looking around and hoping not to have to breakout the Cisco OS books again. One option I wanted to ask you guys about is the Juniper line of routers and specifically the SA2500 SSL VPN Appliance.

Does anyone has experience with Juniper and the SA2500 and if so how easy is it to manage.

 And does anyone have another secure hardware solution that is easily managed without learning a specific OS.

Money is not a problem with both  these clients but I would also like to have another low-cost alternate to the RV042 option that I have been using for the past 5 years.

As always, Im indebted to all the Experts who have help me other the years, I appreciate the effort.  

My best and Happy Easter!

Question by:Magothytech1
LVL 71

Accepted Solution

Qlemo earned 1000 total points
ID: 24121471
First of all, SSL VPN do not allow for site-2-site VPNs. If you are after "dial-in" type VPNs with easy access, it's ok. However, I for myself get nuts if a customer mentions he has one of those SSL VPN devices, and we have to use the appropriate "clientless client" - it is a client admin nightmare as it does not work in many cases.

Regarding Juniper SSL I'm on the client site only - and refuse to use it.

I'm a Juniper SSG admin, they allow for IPSec and full security (Deep Inspection, Antivirus, Antispamming, Web filter aso.). Juniper devices in general are not cheap. The WebUI can be used in 99% of the cases, there are some commands which can only be applied via CLI, but they are general configuration commands not needed in most cases.
Which might be important related to military services is that Juniper ScreenOS allows for a FIPS mode, which restricts the settings to high-security subset.

However, as you do not have to learn ScreenOS CLI language, you have to learn something about the concepts it relies on. No big deal.

There are a lot of different opinions about the different devices on the market, as you have seen already with the RV042, and so is with easy management. Just to recall the "big 5": WatchGuard, SonicWall, Juniper, Cisco (ASA/PIX), FortiGate.
LVL 17

Assisted Solution

ccomley earned 1000 total points
ID: 24122464
Cam't vouch for (or against) the Juniper.

The Sonicwall SSL-VPN appliances are pretty straightforward to get to grips with. Nice web based GUI, nothing like Cisco IOS to learn and shudder over.

Not clear what you're trying to do though - you SHOULD be aware of the limitations of SSL-VPN. It's intended for remote users accessing host site services. As such its a great deal easier than pre-loading the remote user's machines with IPSec client software, configuring that to match the host, etc.,

BUT if what you want is full site-to-site VPN so Site A network is fully connected to Site B network, SSL-VPN is not your man. You need to look at IPSec for that.

And I'd still look at Sonicwall, as it's pretty straigth forward to both set up and monitor/manage multiple concurrent site to site VPNs.

If you're talking about dozens of remote sites accessing one central site, the central site unit needs to be pretty beefy (NSA240 say) but the remote sites can have units sized appropriately, e.g. a sites with only two or three users needs only take a TZ150, a site with 50 users still only needs a TZ190 or TZ210 unit.


Author Comment

ID: 24136103
Thank you both...I will look into the Sonicwall line. I had a bad experience long ago with their tech support when dealing with a router issue we were hung up on, not one but twice!

 Hopefully things have changed and they may be our solution.
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

LVL 71

Expert Comment

ID: 24163456
If support was a nightmare twice (!), you should honestly consider Juniper. They are helpful, and proud of it. Tech support IS required on complex issues, so this is an important point.

Expert Comment

ID: 24209276
I would like to add in my bad experiences with sonicwall devices.  They are a real pain to use and often times have wierd quirks about them.  We have 3 of them in a test network here and we get issues with passing traffic across them very often.  They are being replaced by cisco security devices in the near future for this reason.  Also, their lack of helpful support hasnt changed much at all.

If you do not want Cisco then I also suggest going with a Juniper solution.  They are pretty robust and not too hard to configure and they do their job well.
LVL 71

Expert Comment

ID: 24212881
Shouldn't you have split points between all contributers?

Author Comment

ID: 24235969
The Sonic Wall answer was what we wew looking for after reviewing your option and then considering the pricing differences we were about to place an order for Sonic Wall and then receiced this review. We don't beleive that in in our network environment Juniper is the solution.

 We never received anything we really needed or a vialble from the group and when being pressured to "Close Open Questions" I looked at the only answer that acutally helped us in any way.

 Now if you are urging me to answer in some other fashion, other than the one tha actually help us then please elt me know how you'd like me to divide and then provide the exact point vaules to each solution and I'll gladly post acordingly.

Make it a good day!

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question