WatchGuards Update Eases Minding The VPN

Version 2.0 speeds the creation of tunnels

Businesses expanding their networks to add VPNs using WatchGuard Technologies Inc.s firewall appliances, including those for the SOHO (small office/home office) market, will find that the latest version of WatchGuard VPN Manager eases the process of making and managing virtual private network connections.

This does not bode well for widespread use of the software, however, because only companies using WatchGuards security appliances will be able to use the updated software.

WatchGuard VPN Manager 2.0, which has been shipping since late January, starts at $995 for as many as four of WatchGuards firewall appliances, which it calls Fireboxes. The price of the VPN management software has not changed from that of Version 1.0.

WatchGuard VPN Manager 2.0 is easier to use than the previous version and gives network administrators expanded management views. The software continues to let administrators enforce security policies and manage IP Security-based VPN tunnels between a centralized server and outside offices, telecommuters at home and mobile workers.

Some competing VPN products, including those from Lucent Technologies Inc., have stronger management features but dont make it as easy as WatchGuard does to set up VPN tunnels. Intel Corp.s NetStructure management software also focuses on VPN policy management rather than easy use and monitoring.

Although WatchGuards efficient Instant VPN process speeds creation of VPN tunnels compared with other VPN management products, WatchGuard VPN Manager does not offer the flexibility of browser-based management that is available in NetScreen Technologies Inc.s VPN management software or several other VPN offerings.

Off to an Easy Start

eWeek labs used Watchguard Manager 2.0 with two Firebox II appliances and one Firebox SOHO appliance (a model aimed at the SOHO market), all on different networks, to test LAN, VPN and dial-up connections for users. Installation was easy and quick, and the software took only 1.64MB of space on the main server.

Our first step was to add the Firebox devices in WatchGuard VPN Managers management console, configuring one of them to act as the Dynamic VPN Configuration Protocol server that stores and serves VPN tunnel information to the rest of the network. Once this information is loaded, the management console can be used to manage and monitor devices from local or remote locations.

Instant VPN is a three-step process for creating VPN tunnels. On the main server we used a point-and-click routine to select the Fireboxes and Firebox SOHO appliance in the VPN and set the security levels for the tunnels. We then supplied information on the various Fireboxes to establish the VPN. The process takes some time, but not compared with manually creating VPN tunnels.

For Firebox management, the console gives administrators a choice of four views. Device View shows all Fireboxes and VPN tunnels and their current statuses; VPN View allows administrators to establish security and policy templates; Log View displays detailed logs for all Fireboxes; and Custom View enables administrators to create a view to suit their own needs, such as a regional or departmental view.