Offer your customers a confident recommendation of an easy-to-use VPN appliance after reading this review, which...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
originally appeared in Information Security magazine, of Corrent's SR110 SSL VPN Web Security Gateway with Check Point Connectra 2.0.
Corrent's SR110 SSL VPN Web Security Gateway
with Check Point Connectra 2.0
Price: Starts at $11,700 for hardware and software license
Corrent's SR110 SSL VPN Web Security Gateway, an appliance running Check Point Software Technologies' Connectra 2.0 SSL virtual private network software, offers easy administration, an intuitive client experience and strong security. However, the SR110 is priced in the upper tier of VPN appliances.
The Connectra software provides point-and-click administration through a well-designed Web interface. User authentication may be managed through the internal Connectra user database, but enterprises will prefer to integrate with LDAP, RADIUS and SecurID systems for authentication and authorization. We used Connectra's LDAP interface to perform authentication against Active Directory.
The Web-based process for adding applications is straightforward. For example, to add a Web application, we simply specified the name and location of the application and the desired protection level (a combination of allowable authentication techniques and caching status). The SSL Network Extender ActiveX control, a Connectra Web plug-in, allows the use of any network-based Windows application. It tunnels endpoint traffic over SSL. We used the SR110 to access a Windows Server 2003 file server, an Exchange 2000 Web Outlook server, an IMAP server (using the Connectra integrated client) and several Web-enabled apps.
Clients are presented with the Connectra portal, which provides a consolidated view of authorized apps.
Connectra leverages Check Point's experience in perimeter security by integrating the Smart-Defense network and application security controls. Network security controls include protection against DoS attacks (such as Teardrop and LAND), TCP/IP protocol-based attacks and network probes; application controls include inspection of HTTP and FTP traffic. The controls stopped several of our URL-based attacks, as well as a SQL injection attack against a Web-based form.
The wizard-based installation was smooth, taking about an hour from opening the box to establishing client connections. The installation guide provides detailed instructions for a variety of network configurations, including template firewall rules necessary for installing the appliance in a DMZ. The SR110 has six Ethernet ports, two of which support Gigabit Ethernet.
We were disappointed with Connectra's lack of Firefox client browser support, but Web portal access is available through IE, Mozilla, Netscape and Safari. SSL Network Extender functionality is limited to IE on Windows 2000/XP.
The SR110's steep price may discourage some enterprises. The $3,700 cost of Corrent's appliance combined with the $8,000 cost of a 50-user Connectra license from Check Point (which increases to $30,000 for 250 users) makes the price tag soar far above some established competitive products. For example, a Cisco VPN 3005 concentrator (which supports 50 SSL VPN sessions) lists at $2,995, and $35,000 will purchase a Cisco VPN 3060, which supports 500 clientless Web sessions.
Price notwithstanding, an appliance that incorporates ease of use for admins and users and strong security offered by Connectra merits consideration for secure access to enterprise applications.
About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
This review originally appeared in Information Security magazine.