SonicWall SRA EX6000
Strengths: Swift deployment, intuitive management interface, good access controls and client security, Smart Access endpoint scanning
Weaknesses: Appliance not the best value
Verdict: SonicWall offers an enterprise-level SSL VPN solution that is easy to deploy and delivers tough security measures and controls for remote access to network resources
SSL VPNs are the preferred method of providing secure remote access to network resources as they are far easier to deploy than IPsec VPNs and need almost no client configuration at all. SonicWALL's Aventail EX family of appliances focuses on mid-sized businesses and enterprises and aims to deliver a comprehensive range of network access controls.
The EX6000 represents the middle ground in this family and can handle up to 250 concurrent connections. This 1U rack appliance has a reasonable hardware spec comprising a 2GHz single-core Intel Celeron, partnered by 1GB of DDR2 memory. The network connections are handled by a quartet of Gigabit ports at the front, with one set aside for high availability functions.
The latest version (10.0) of SonicWALL's SRA software adds a range of features which include activation of the LCD panel and control pad. Previously, this only showed hardware errors but can now be used to set up basics such as network addresses and gateways.
Installation sets off at a cracking pace. You point a web browser at the appliance's default IP address and you're presented with a quick-start wizard that takes you through configuring network parameters, commercial or self-signed certificates and encryption methods. The wizard can also help set up a test security policy with user accounts, resources and access controls.
The appliance classes network resources under three main groups, with the first defining web resources that run over HTTP or HTTPS. Next up are client and server resources, which define applications that run over TCP/IP, and lastly you have file shares.
To secure access to these resources you use realms to determine how users are authenticated and how access is allowed. The appliance supports multiple realms, so you can have a selection of authentication methods ranging from LDAP and AD to RADIUS and PKI.
We opted for AD authentication where we could add users by calling up the search facility and importing users. When users access the login portal they are presented with multiple realms and it's easy to hide realms so only users that know their identity can log on to them.
A key feature of the SRA appliances is communities, which are used to ease management by grouping sets of users who have similar requirements with access control restrictions and permissions. Each realm can have multiple communities where you select users and pick your access methods.
Resources are declared as network objects and can range from web URLs, IP address ranges, subnets and domains to Citrix server farms and full UNC paths for file shares. We found these easy to create and were able to define resources for our internal web, FTP and mail servers and could place shortcuts for users on the Aventail Workplace portal for easy access.
When defining specific applications you use profiles, and single sign-on can be implemented by passing a user's login details directly to the application.
When setting up access control restrictions, if you opt for any software agent it will activate the Smart Access feature, which scans the client's system. It uses device profiles for Windows, Macintosh, Linux and Windows Mobile systems. These profiles contain attributes such as personal anti-virus or firewall software, specific applications, a directory, file or even a registry key.
Users will find the Aventail Workplace web portal a pleasant experience where they are presented with shortcuts to permitted applications and network resources and can be allowed to create their own shortcuts. Mobile workers can have the OnDemand agent load when they access the Workplace and closing it will log them out of any active applications. The Connect Tunnel and Mobile utilities prevent data being written to local hard disks, while the Cache Control cleans out temporary files, history, cookies and passwords.
The EX6000 is a powerful SSL VPN appliance that impresses with its swift deployment and ease of use. It delivers an excellent range of access controls and security measures and this latest version brings even more to the table.