Businesses expanding their networks to add VPNs using WatchGuard Technologies Inc.s firewall appliances, including those for the SOHO (small office/home office) market, will find that the latest version of WatchGuard VPN Manager eases the process of making and managing virtual private network connections.
This does not bode well for widespread use of the software, however, because only companies using WatchGuards security appliances will be able to use the updated software.
WatchGuard VPN Manager 2.0, which has been shipping since late January, starts at $995 for as many as four of WatchGuards firewall appliances, which it calls Fireboxes. The price of the VPN management software has not changed from that of Version 1.0.
WatchGuard VPN Manager 2.0 is easier to use than the previous version and gives network administrators expanded management views. The software continues to let administrators enforce security policies and manage IP Security-based VPN tunnels between a centralized server and outside offices, telecommuters at home and mobile workers.
Some competing VPN products, including those from Lucent Technologies Inc., have stronger management features but dont make it as easy as WatchGuard does to set up VPN tunnels. Intel Corp.s NetStructure management software also focuses on VPN policy management rather than easy use and monitoring.
Although WatchGuards efficient Instant VPN process speeds creation of VPN tunnels compared with other VPN management products, WatchGuard VPN Manager does not offer the flexibility of browser-based management that is available in NetScreen Technologies Inc.s VPN management software or several other VPN offerings.
Off to an Easy Start
eWeek labs used Watchguard Manager 2.0 with two Firebox II appliances and one Firebox SOHO appliance (a model aimed at the SOHO market), all on different networks, to test LAN, VPN and dial-up connections for users. Installation was easy and quick, and the software took only 1.64MB of space on the main server.
Our first step was to add the Firebox devices in WatchGuard VPN Managers management console, configuring one of them to act as the Dynamic VPN Configuration Protocol server that stores and serves VPN tunnel information to the rest of the network. Once this information is loaded, the management console can be used to manage and monitor devices from local or remote locations.
Instant VPN is a three-step process for creating VPN tunnels. On the main server we used a point-and-click routine to select the Fireboxes and Firebox SOHO appliance in the VPN and set the security levels for the tunnels. We then supplied information on the various Fireboxes to establish the VPN. The process takes some time, but not compared with manually creating VPN tunnels.
For Firebox management, the console gives administrators a choice of four views. Device View shows all Fireboxes and VPN tunnels and their current statuses; VPN View allows administrators to establish security and policy templates; Log View displays detailed logs for all Fireboxes; and Custom View enables administrators to create a view to suit their own needs, such as a regional or departmental view.
WatchGuard VPN Manager 2
.0″>
WatchGuard VPN Manager 2.0
USABILITY |
A |
CAPABILITY |
C |
PERFORMANCE |
B |
INTEROPERABILITY |
C |
MANAGEABILITY |
A |
For companies interested in creating VPNs that include WatchGuards firewalls and appliances used in small offices and home offices, WatchGuard VPN Manager 2.0 software takes the pain out of VPN implementation and management.
SHORT-TERM BUSINESS IMPACT // WatchGuards updated VPN management software lets network administrators quickly create IPSec-compliant VPN tunnels to secure transmissions between telecommuters, mobile workers and the central office.
LONG-TERM BUSINESS IMPACT // Because this software is easily implemented from a centralized location, administrators can spend more time on mission-critical areas.
Allows quick IPSec VPN tunnel creation; provides more flexible views of the firewalls and appliances being monitored than Version 1.0 of this software.
Not compatible with other vendors security appliances; less flexible than browser-based management.
WatchGuard Technologies Inc., Seattle; (206)521-8340; www.watchguard.com
Labs
-Eye View”>
Labs-Eye View
By Henry Baltazar
Over the past few years, many companies have fallen for the seductive marketing of appliances.
Just as the word “appliance” suggests, products like WatchGuard Technologies Inc.s VPN and firewall appliances can typically be configured in a couple of minutes and usually require very little IT skill to set up, a trait that endears them to IT managers who dont have the staff and the travel budget to send staff to every remote office.
The problems, however, occur when these simple appliances proliferate throughout the corporate network, because most appliance vendors—especially those that sell network-attached storage devices—do not provide any sort of remote management consoles to monitor their products.
WatchGuards VPN Manager software is a step in the right direction, but in a perfect world, remote management would be built into each product as opposed to being an option that IT managers have the privilege of purchasing.