SonicWALL Aventail SRA EX-6000 review
IPsec VPNs are rapidly losing ground to SSL VPNs as remote access solutions for mobile workers, as the latter are easier to deploy and manage, and require virtually no client configuration. SonicWALL’s EX appliances take this to the next level, offering enterprise-level access controls while keeping deployment simple.
The EX-6000 handles 250 concurrent connections, and the web interface has a wizard that takes you through network configuration, certificate generation and encryption. The appliance comes equipped with version 10 of SonicWALL’s SRA software, and you also get help in creating a basic test security policy complete with local user accounts, resources and access control rules.
Realms determine how users are authenticated and what agents they can use. Each requires an authentication server and you can choose from LDAP, AD, RADIUS and PKI. We had no issues with our Server 2003 R2 AD system and were able to use the search facility to import users and groups directly.
Network resources range from a domain or IP address range to a subnet, web URL or UNC path for a shared file or folder. Specific web applications are defined using profiles and you can pass them each user’s logon details for a single sign-on service, or use static credentials for all users.
The Smart Access feature scans the system a user has logged in from and decides on the most secure form of access. If the system is deemed secure then web browser access is allowed, but you can force the OnDemand Java proxy agent to be downloaded, which uses port forwarding. The Windows Connect agent provides the best security as it stops data being written to local devices.
You can use SonicWALL’s End Point Controls to check a remote system to see whether attributes such as personal antivirus or firewall programs, an application, directory, file or a registry key are present. When a user has been authenticated, their system is scanned for these and the results determine whether they’re allowed standard browser access or require an agent to be deployed.
This latest version adds plenty of new features with the appliance’s LCD display and control pad. The web interface provides better overviews of realms so you can see clearly what authentication servers, communities, zones and agents are associated with them. Vista x64 clients also get a look in, but this doesn’t include support for the OnDemand or Connect Tunnel agents.
Remote users are presented with the tidy Aventail Workplace portal where they select their realm and provide login details, and it can be customised to suit different realms and users.
While initial outlay is high for SMBs, the EX-6000 shows why SSL VPNs are better than IPsec VPNs for remote access to network resources. Deployment is simple, access controls are extensive and the Smart Access feature makes light work of securing end points – no matter where they are.