SonicWALL's SSL VPN appliance

SonicWALL SSL-VPN 4000 is an affordable and capable appliance for mid-sized enterprises, says our expert.

Category: SSL VPN
Product: SonicWALL SSL-VPN 4000
Vendor: SonicWALL
Price: Starts at $6,995

SonicWALL steps up to the enterprise market with the affordable SSL-VPN 4000 appliance, offering secure clientless remote access to files, shares and applications.

Support for port-forwarding applications, such as Citrix, puts SonicWALL in league with industry stalwarts. Moreover, SonicWALL has no per-tunnel licensing fees or restrictions on concurrent users, making it even more attractive to growing organizations. The SSL-VPN 4000 supports up to 200 concurrent connections and includes support for two-factor authentication, such as RSA Security tokens.

Configuration/Management: A
Using the administrator's guide, we were able to log on to the appliance within minutes. All major browsers and OSes are supported.

SonicWALL's familiar, easy-to-use Web-based console gave us instant access to major features, each offering a subset of functionalities.

For example, the network tab includes access to the interfaces, DNS, network paths, host resolution and network objects--all straightforward. After basic network settings, we quickly set up services to which we would provide secure remote access: HTTP, HTTPS, terminal services (Java and ActiveX), VNC, FTP, Telnet, SSH (versions 1 and 2), file shares and Citrix Portal. Objects can be defined by a solitary IP address or a network segment. Setting up individual users and groups was equally effortless. The 4000 supports user authentication via LDAP, Active Directory, NT and RADIUS.

Policy control: A
We were impressed with the granular policy control, which let us assign access privileges at the user, group and global levels.

We were able to delegate authentication to our AD server, so that domain members were automatically assigned the policies and access privileges of their associated group.

Policies are granular and highly accessible. A single window enabled us to assign general settings, such as enabling single sign-on using SSL VPN credentials, creating individual policies for network objects, IP addresses and ranges, and server paths, such as for Citrix. In addition, we were able to set up detailed login policies, such as one-time passwords sent via email and logins from specific IP addresses or defined browsers.

Effectiveness: A
We were extremely satisfied with SonicWALL's interoperability, including the product's Web access to email, files and Web-based applications.

Additionally, the NetExtender thin client can be automatically downloaded and installed to provide access to email through client software installed on remote machines, as well as to non-Web-based applications, such as CRM systems and proprietary software.

We simulated a variety of scenarios that tested the granularity of policy features, such as allowing global access to email while limiting access to specific file shares and applications.

Reporting: C+
The VPN lacks a comprehensive view. Interface statuses are under the system tab, active user sessions are under the users tab, and viewing events requires going to the log tab.

Logging is very basic, although it supports syslog and can email logs and alerts to a single address.

SonicWALL SSL-VPN 4000 is an affordable and capable appliance for mid-sized enterprises.

Testing methodology
We tested SonicWALL SSL-VPN 4000 on a simulated Windows-based enterprise network behind a third-party firewall. Remote access was tested from a variety of laptops and remote machines, running an assortment of operating systems and Web browsers.

This product review originally appeared in the January 2007 edition of Information Security magazine.
