Info Request - SSL VPNs 1

[CaptainCommandLine]

I posted a similar question in another forum but did not get any bites (at least not yet). I'm hoping I'll have better luck here...

I'm researching SSL VPN products... I have experience with Juniper's IVE products but am looking for comments from system administrators of other solutions. I did find a "Magic Quadrant for SSL VPNs" article on Gartner's website (

http://www.gartner.com/technology/media-products/reprints/citrix/163232.html)

but it was posted back on 12/11/2008. Are Juniper (IVE), Citrix (CAG), and F5 (FirePass) still considered the leaders in SSL VPNs? If anyone has experience with these or others, I'd appreciated hearing your perspective on things like ease of administration, auditing capabilities, flexibility, etc. Do you like the solution you have? Are the user and administrative interfaces intuitive? How is technical support when you have problems/questions? etc. etc. Thanks!

 

[unclerico]

I've used WatchGuard (not by choice, it is terrible!!), Array Networks (very nice, easy admin), and of course the Cisco SSL VPN product which I implemented to replace that damn WatchGuard. I've heard great things about both the Juniper and Citrix products, but I haven't had a chance to use them.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[CaptainCommandLine]

Thanks unclerico! My experience with the Juniper IVE is that it is a very flexible and robust product. It also provides detailed audit logs on user activity, which is a major plus. I have a need to upgrade Juniper hardware and, before I recommend to management spending the money to do so, I just want to make sure that they're still one of the leaders. Citrix is definitely a consideration for me but my primary concerns with Citrix CAG are cost and learning curve. (If someone out there has experience with CAG, I'd love to hear about!) Have you been happy with the Cisco product and was it difficult to setup?

 

[unclerico]

The Cisco product offering is great. Now, I've been using Cisco products for years so it was easy for me to setup. The ASDM (GUI) is there for you if you don't have the CLI time, but to be honest the only reason I use the ASDM is to do portal customizations and configure the Secure Desktop Manager. I really like the fact that you have the option of doing both the AnyConnect SSL VPN Client (SVC) and the WebVPN (clientless VPN). You can do VNC, RDP, ICA, HTTP, FTP, and CIFS access (and probably a few others that I forgot here) all from the WebVPN portal. The portal itself is fully customizable and you can have a different portal for each connection profile (i.e. one portal with access to certain apps for internal users, a different portal with access to certain apps for contractors, etc). If I was you I would get in contact with your VAR and see if they'll let you do a proof-of-concept. I refuse to buy anything without being able to do a POC first.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[CaptainCommandLine]

Excellent! Thanks for the follow up. You've peaked my interest. One of my gripes with Juniper is that you cannot modify user profiles administratively (unless that has changed in recent releases). For example, if a user attempts to setup an RDP session and messes it up, the only way to fix it for them is to sign-on using their credentials. Can you administratively modify user profiles in the Cisco product? Also, does it provide detailed logging of user and administrator activities? Thank you, again.

 

[psi07004]

Take a look at the Sonicwall products. You can have an SSL VPN as part of a total solution (Ex: TZ210) or a separate device such as a the SSL VPN-2000. Plenty of models to choose from depending upon performance needs and price point.

http://www.sonicwall.com