Secure Planet VPN 2 review
For secure site-to-site and client-to-site communications, IPsec VPNs are hard to beat. But they still suffer from a reputation of being difficult to implement and support. Many security appliance vendors have made great efforts to simplify them, but this had led to considerable competition from SSL VPN appliances. There’s another alternative, as Secure Planet offers an IPsec VPN solution that’s designed to be easy to implement and priced to suit a wide range of businesses.
We looked at this software when it was first released and were particularly impressed by its ease of use. This latest version doesn’t really improve on the overall experience with the main changes occurring in the way it implements VPNs. The software now defaults to implementing IPsec over TCP rather than UDP, which should mean a reduction in firewall configuration. Some extra diagnostic tools have been included, while the user help files have been improved.
The installation and deployment routines are just as simple. Two components are required, with the Gateway managing all incoming connection requests, encryption and user authentication. Its bold interface is easy to navigate and configuration is simple. You start by adding details of the registered company name and specifying a pool of IP addresses to be assigned to inbound connection requests. Domain-authentication support requires the Gateway system to be a domain member, as these details are picked up during installation. You can control access more strictly by creating and declaring new domain groups to the Gateway that contains those users with VPN access.
The Gateway defaults to the AES encryption algorithm but you can select the stronger 3DES if you’re prepared to take a small hit on overall performance. The Gateway must be registered at the Secure Planet website before it will accept incoming connections. Once this is completed, it generates a special matrix comprising 20 two-character groups to use during the client-enrolment phase.
Support departments will be pleased that the bulk of client deployment tasks can be passed on to the users themselves. Once the matrix is generated, the Gateway creates a document for emailing to users that contains instructions on how to run the client and enroll with the Gateway. It’s quite easy, as the user downloads and installs the client from the Secure Planet website and it runs the enrolment phase automatically. The user enters the IP address of the Gateway, which downloads the matrix but with two spaces blank. Using the document, they fill in the gaps and provide user credentials. If authenticated, they then supply a passphrase that’s used on all subsequent logins. Plenty of information is provided at the Gateway about authenticated and connected users, along with session durations and incoming and outgoing traffic.
We’ve had plenty of feedback from companies saying that security appliance vendors are making more effort, resulting in IPsec VPNs becoming easier to use. Even so, the Secure Planet method is the simplest we’ve come across for providing secure remote access and it has the added bonus of not requiring any additional hardware.