X-IP Mobile VPN Appliance
Unique appliance aimed at securing wireless access to enterprise infrastructure.
Better documentation needed to make things easier.
Will be a must for enterprises and their wireless user base.
Many companies are looking to secure their networks from wardriving attacks and the current advice is to put a VPN behind a wireless access point. With this in mind, the following product should be ideal. The aim of the product is to secure access to network infrastructure from wireless clients using the wireless transport layer security (WTLS) protocol, which is a wireless version of SSL.
The X-IP came pre-configured and ran a patched-up version of Windows 2000 Advanced Server. Much of the configuration was done before we got our hands on the box, so really what we were left to do was re-configure our network and test boxes to see the box and access it.
Most of the work of setting up the users had to be done on the box itself. It differed from the other products on test, as there was no configuration via a web browser or serial port. This meant connecting a monitor and keyboard to the box itself. The company says this is a security feature to stop reconfiguration over the network.
After that we set up certificates for export. These were to be used by the wireless devices to install the VPN clients on our wireless-enabled laptop; a certificate was needed for each device. Here we noted a major drawback; there was only client support for Windows 2000 and PocketPC. This could really be a hindrance to enterprises that may have standardized on other OS/handheld devices. We hope to see support for a diversity of platforms in later versions.
The appliance handles all the authentication processes and also supports RSA and DSA authentication. There is a lot of encryption going on, so the software tries to compress as much as possible. Despite that, it cannot get over the fact that wireless is slow, so throughput was not the best on test but reasonable enough in the context of wireless.
Getting the client up and running was by no means easy, and the manual did not make things as crystal clear as they could have been. Running a batch file or installation script could automate things and cut down the amount of time getting things in place, and we believe this will be added in future releases. We did eventually get things going but we felt the experience might put off almost all but the brave.
But aside from that it is just about the only VPN on the market dedicated to securing wireless links so is still worth consideration.