Solved

Secure VPN hardware options

Posted on 2009-04-10
Last Modified: 2013-11-16
Secure VPN solution

 I have been supporting small local businesses for just over 5 years now in my own business, and prior to that I worked for International Paper as a network analyst. During my time with IPaper I was forced to keep all my certs updated and to continually learn new products; since going into business for myself I have not done any of that, as most of my client base ranges from 20-40 PCs and most are single-site networks.

 The problem:

 Although I went through the Cisco Network Academy and passed the CCNA back in 2001, I have not had a need to use the products on a small scale, so I really don't remember the Cisco OS and now find myself with 2 different clients needing greater VPN security.

 One client has recently won a new 10-year contract that stipulates a greater degree of security and the other client is now doing more and more work for the military and has requested greater sure access.

 Currently these sites are running the Cisco/Linksys RV042 with every security setting maxed out. I probably have about 38-40 of these routers in the field and they are really easy to work with, and although I have heard nightmares from other techs regarding this line of routers, I myself have had great success and very few returns to Linksys. And for about $145 the price is right in the clients' eyes.

Since receiving this new request today I have been looking around and hoping not to have to break out the Cisco OS books again. One option I wanted to ask you guys about is the Juniper line of routers and specifically the SA2500 SSL VPN Appliance.

Does anyone have experience with Juniper and the SA2500, and if so, how easy is it to manage?

 And does anyone have another secure hardware solution that is easily managed without learning a specific OS?

Money is not a problem with both of these clients, but I would also like to have another low-cost alternative to the RV042 option that I have been using for the past 5 years.

As always, I'm indebted to all the Experts who have helped me over the years. I appreciate the effort.

My best and Happy Easter!


Question by:Magothytech1
11 Comments
 
LVL 70

Accepted Solution

by:
Qlemo earned 1000 total points
ID: 24121471
First of all, SSL VPNs do not allow for site-2-site VPNs. If you are after "dial-in" type VPNs with easy access, it's ok. However, I myself go nuts if a customer mentions he has one of those SSL VPN devices, and we have to use the appropriate "clientless client" - it is a client admin nightmare as it does not work in many cases.

Regarding Juniper SSL I'm on the client site only - and refuse to use it.

I'm a Juniper SSG admin; they allow for IPSec and full security (Deep Inspection, Antivirus, Antispamming, Web filter and so on). Juniper devices in general are not cheap. The WebUI can be used in 99% of the cases; there are some commands which can only be applied via CLI, but they are general configuration commands not needed in most cases.
What might be important in relation to military services is that Juniper ScreenOS allows for a FIPS mode, which restricts the settings to a high-security subset.

However, while you do not have to learn the ScreenOS CLI language, you do have to learn something about the concepts it relies on. No big deal.

There are a lot of different opinions about the different devices on the market, as you have seen already with the RV042, and the same goes for ease of management. Just to recall the "big 5": WatchGuard, SonicWall, Juniper, Cisco (ASA/PIX), FortiGate.
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 1000 total points
ID: 24122464
Can't vouch for (or against) the Juniper.

The Sonicwall SSL-VPN appliances are pretty straightforward to get to grips with. Nice web based GUI, nothing like Cisco IOS to learn and shudder over.


Not clear what you're trying to do though - you SHOULD be aware of the limitations of SSL-VPN. It's intended for remote users accessing host site services. As such it's a great deal easier than pre-loading the remote user's machines with IPSec client software, configuring that to match the host, etc.

BUT if what you want is full site-to-site VPN so Site A network is fully connected to Site B network, SSL-VPN is not your man. You need to look at IPSec for that.

And I'd still look at Sonicwall, as it's pretty straightforward to both set up and monitor/manage multiple concurrent site to site VPNs.

If you're talking about dozens of remote sites accessing one central site, the central site unit needs to be pretty beefy (NSA240 say) but the remote sites can have units sized appropriately, e.g. a site with only two or three users need only take a TZ150, a site with 50 users still only needs a TZ190 or TZ210 unit.

 

Author Comment

by:Magothytech1
ID: 24136103
Thank you both...I will look into the Sonicwall line. I had a bad experience long ago with their tech support when dealing with a router issue: we were hung up on, not once but twice!

 Hopefully things have changed and they may be our solution.
 
LVL 70

Expert Comment

by:Qlemo
ID: 24163456
If support was a nightmare twice (!), you should honestly consider Juniper. They are helpful, and proud of it. Tech support IS required on complex issues, so this is an important point.
 
LVL 1

Expert Comment

by:Hotwaffles
ID: 24209276
I would like to add in my bad experiences with SonicWall devices.  They are a real pain to use and oftentimes have weird quirks about them.  We have 3 of them in a test network here and we get issues with passing traffic across them very often.  They are being replaced by Cisco security devices in the near future for this reason.  Also, their lack of helpful support hasn't changed much at all.

If you do not want Cisco then I also suggest going with a Juniper solution.  They are pretty robust and not too hard to configure and they do their job well.
 
LVL 70

Expert Comment

by:Qlemo
ID: 24212881
Shouldn't you have split points between all contributors?
 

Author Comment

by:Magothytech1
ID: 24235969
The Sonic Wall answer was what we were looking for; after reviewing your option and then considering the pricing differences, we were about to place an order for Sonic Wall and then received this review. We don't believe that in our network environment Juniper is the solution.

 We never received anything we really needed or a viable from the group, and when being pressured to "Close Open Questions" I looked at the only answer that actually helped us in any way.

 Now if you are urging me to answer in some other fashion, other than the one that actually helped us, then please let me know how you'd like me to divide and then provide the exact point values to each solution and I'll gladly post accordingly.

Make it a good day!