Symantec Clientless VPN Gateway 4460
$10,245; $17,990 inc. 50 licenses
It is possible to produce highly flexible and complex security rules to match most requirements.
Some features can only be used from the command line interface.
A flexible system that addresses the business need for secure remote access from a mix of clients.
The Symantec 4460 device provides two 10/100/1000 copper network interfaces in a 2U height rack mountable chassis. The front panel contains an LCD screen and a four-button control group is used for the initial IP set-up, so there is no fiddling about with serial cables.
The unit does have a serial port for those who want to use unencrypted access.
After configuring the interface, the system generates and displays the password to be used to access the unit's administration functions afterwards. This password changes whenever changes are made from the front panel.
The device would normally be administered either by using a web browser over an SSL-encrypted connection or by using a Secure Shell (SSH) client.
Although the graphical interface gives control over the more commonly used functions, the only way to get access to all aspects of the system is through the command line interface, and the documentation reflects this. Setting up security parameters and users is fairly simple, and it is possible to test and validate security settings while setting them up, which saves time and effort later on by helping to eliminate potential problems early on in the process.
Security structures with users, groups and roles can produce complex relationships, and the system provides a tree diagram of these as they are configured, which helps to clarify things. The system's on-line help is page-related rather than context-sensitive but still manages to display relevant and useful information. The system uses combinations of simple and advanced rules to control access to resources. Simple rules can handle most requirements, while advanced rules use regular expressions to provide more detailed and complex control.
The system provides access to resources through a combination of portal web pages and Java applets running in the client browser.
There are statistics enough to gratify anyone, with dynamically updated performance graphs and log analysis features for all aspects of the system's operation, with support for an external syslog server.