Netgear ProSafe SSL312 review
Small businesses fed up with the complexity of IPsec VPNs will be pleased to know that affordable SSL VPN appliances have arrived. Billion moved into the market recently with the PC Pro Recommended BiGuard S10 (see issue 148, p173), and now Netgear steps in with its SSL312 desktop box.
Whereas the BiGuard S10 offers four switched LAN ports, the SSL312 provides only two network ports, and is designed to be connected to the LAN via one port only and to slot in behind an existing firewall. In this scenario, you’d create a port-forwarding rule on the firewall for HTTPS traffic. However, for testing, we used one port connected to the LAN and the second port configured in a different subnet, with a bunch of workstations behind it acting as remote clients. In this mode, the appliance routes between the two ports, but do be careful, since NAT isn’t performed; the BiGuard S10, by contrast, offers a full SPI firewall.
The web management interface is easy to use. You first need to sort out user authentication: along with a local user and group database, the SSL312 supports AD, LDAP, NT domains and RADIUS servers. It’s probably best to define your network resources next, as these will be referred to when setting up access policies. Resources can be a network subnet or individual IP address, and these can be fine-tuned for specific services such as RDP, VNC, Telnet and FTP. Policies control access to network services and can be set at the user and group level, where they take precedence over global policies. Usefully, any changes to resources will be propagated across all policies that use them.
Portals can be customised by adding banners and user instructions, and you can decide which services will be displayed for selection. Users can be offered a choice of SSL VPN or port-forwarding tunnels, where the latter uses a lighter ActiveX client. The port-forwarding client supports only TCP, but does allow individual applications to be defined by their port number. Either tunnel can be fired up from the portal, and then you can select from declared applications and remote access services over RDP or VNC. The Network Places option provides a Windows Explorer-style interface for browsing remote networks, while the Utilities menu includes Telnet and SSH sessions plus an FTP client.
Remote users simply point their web browser at the appliance’s IP address and, on first contact, are prompted to install an ActiveX cache cleaner control followed by Netgear’s secure remote client. If you want an SSL VPN tunnel with the remote network, this will load another ActiveX control, which creates a virtual network adapter that’s assigned an IP address from the pool defined in the appliance. Note, however, that the SSL VPN client doesn’t currently support Firefox.
During testing, we found the appliance simple enough to configure, although we did feel the BiGuard S10 was easier to use. Even so, we had no problems delivering a range of services to our test clients that included options for RDP and FTP to a NAS appliance, plus applications located on our LAN servers. Billion does win out for features, as it also offers URL and packet filtering plus bandwidth management. But, if you want the lowest-cost SSL VPN appliance currently on the market, Netgear is the one for you.