SSL VPNs make network remote access convenient for users and IT staff while reducing the deployment complexities often associated with more-established IP Security VPN products.
eWEEK Labs recently tested two Secure Sockets Layer VPN appliances—Aventails EX-2500 and F5 Networks FirePass 4100. Our tests show that these appliances are, indeed, easier to set up than their IPSec cousins.
However, among the most compelling reasons to consider using an SSL VPN is the ease of securing access at the application layer, rather than at the network layer, as IPSec VPNs do.
While this meant a little more configuration time during our tests—in terms of setting up resources such as file shares, Web-based applications and client/server applications so they would be available when users accessed the network—there is no doubt that our network security was more tightly controlled as a result.
Our tests of the SSL VPN appliances showed a distinct reliance on agents that were either downloaded or even preinstalled on end-user systems.
However, the SSL VPNs centralized policy tools made it much easier than with IPSec VPNs to repair these clients, to make centralized changes to the way that groups of users accessed resources and to prevent users from unauthorized data access.
IT managers will see increasing choices in SSL VPN-based technology in the near future, with more focus on endpoint checking to ensure that only secure, correctly configured devices gain access to the network.
Technical Director Cameron Sturdevant can be reached at [email protected].