PortWise SSL VPN
$16,000 for 50 concurrent users
Strengths: Suit large distributed environments.
Weaknesses: Some browser-dependent checks are clumsy and unreliable.
Verdict: Very good platform for enterprise users.
The product has some good points, but makes one mistake several times: it trusts the browser too much. For example, the product is licensed to specific hostnames, but we could not connect to the web GUI using the box’s assigned IP address because it is actually checking for the hostname in the browser request, something which is very easy to fake and hence pretty pointless.
Later, we saw something similar in “device definitions” which tie into endpoint control, but amount to checking browser user agents, again something which is easily (and commonly) faked.
PortWise sports far and away the most comprehensive list of authentication schemas we have seen, and you can configure them in many ways. Users can be imported from delimited files, and the software provides good help on how best to format the files.
In general, the help is excellent, despite its dreadful system of multiple browser window pop-ups.
This is the only product on test to support role-based admin. Configurations can be “published” to other PortWise systems, but must be manually activated by an administrator there.
Endpoint security requires an ActiveX control, and can clean up specific types of files, delete the browser cache, and provide data about the local files, registry, network, process, and Windows runstate. It can also coordinate policies via a policy server.
There are plenty of options for filtering and mapping connections for setting up web applications. Again the help is good, but lacks specific examples.
The system also has a lot of resources preconfigured, such as Exchange, Domino and Citrix, which is very good.