Category: SSL VPN
Product: SonicWALL SSL-VPN 4000
Vendor: SonicWALL
Price: Starts at $6,995
SonicWALL steps up to the enterprise market with the affordable
SSL-VPN 4000 appliance, offering secure clientless remote access to
files, shares and applications.
Support for port-forwarding applications, such as Citrix, puts
SonicWALL in league with industry stalwarts. Moreover, SonicWALL
has no per-tunnel licensing fees or restrictions on concurrent
users, making it even more attractive to growing organizations. The
SSL-VPN 4000 supports up to 200 concurrent connections and includes
support for two-factor authentication, such as RSA Security
tokens.
Configuration/Management: A
Using the administrator's guide, we were able to log on to the
appliance within minutes. All major browsers and OSes are
supported.
SonicWALL's familiar, easy-to-use Web-based console gave us
instant access to major features, each offering a subset of
functions.
For example, the network tab includes access to the interfaces,
DNS, network paths, host resolution and network objects, all
straightforward. After basic network settings, we quickly set up
services to which we would provide secure remote access: HTTP,
HTTPS, terminal services (Java and ActiveX), VNC, FTP, Telnet, SSH
(versions 1 and 2), file shares and Citrix Portal. Objects can be
defined by a solitary IP address or a network segment. Setting up
individual users and groups was equally effortless. The 4000
supports user authentication via LDAP, Active Directory, NT and
RADIUS.
Policy control: A
We were impressed with the granular policy control, which let us
assign access privileges at the user, group and global levels.
We were able to delegate authentication to our AD server, so
that domain members were automatically assigned the policies and
access privileges of their associated group.
Policies are granular and highly accessible. A single window
enabled us to assign general settings, such as enabling single
sign-on using SSL VPN credentials, creating individual policies for
network objects, IP addresses and ranges, and server paths, such as
for Citrix. In addition, we were able to set up detailed login
policies, such as one-time passwords sent via email and logins from
specific IP addresses or defined browsers.
Effectiveness: A
We were extremely satisfied with SonicWALL's interoperability,
including the product's Web access to email, files and Web-based
applications.
Additionally, the NetExtender thin client can be automatically
downloaded and installed to provide access to email through client
software installed on remote machines, and to non-Web-based
applications, such as CRM systems and proprietary software.
We simulated a variety of scenarios that tested the granularity
of policy features, such as allowing global access to email while
limiting access to specific file shares and applications.
Reporting: C+
The VPN lacks a comprehensive view. Interface statuses are under
the system tab, active user sessions are under the users tab, and
viewing events requires going to the log tab.
Logging is very basic, although it supports syslog and can email
logs and alerts to a single address.
Verdict
SonicWALL SSL-VPN 4000 is an affordable and capable appliance for
mid-sized enterprises.
Testing methodology
We tested SonicWALL SSL-VPN 4000 on a simulated Windows-based
enterprise network behind a third-party firewall. Remote access was
tested from a variety of laptops and remote machines, running an
assortment of operating systems and Web browsers.
This product review originally appeared in the January 2007
edition of Information Security magazine.