Aventail Smart SSL VPN
Strengths: Good GUI, broad support for endpoint security client software.
Weaknesses: Nothing worth mentioning.
Verdict: Strong product with no major flaws and plenty of room to grow.
Before we got started we did have a problem with the network configuration, and an Aventail engineer walked us through a very simple shell (via SSH) restore process, which accommodates accidental use by allowing rollback even after a factory-reset has completed without a previous snapshot having been taken.
We had no further problems, and were pleased to see that such a strong web GUI is coupled with a good set of shell tools, too.
Authentication realms are set up (covering LDAP, local users, Active Directory, Radius, certificates, SecurID and other tokens), and then communities of users. Netegrity SiteMinder can be used to achieve single sign-on from a VPN user across other services.
Every service you configure in the browser interface has excellent context data, and cross-links to items you might need to address.
Aventail is one of the vendors integrating with Sygate’s endpoint control software, and also offers WholeSecurity and ZoneLabs. These are used to place incoming users into security zones based on their system configuration, which then establishes policies for cleaning up remote machines and required local AV software. Put together, it is a very comprehensive set of endpoint tools.
A Java or Active X application allows port forwarding and, with specific configuration, supports Macs and Linux systems, too. This handles thin-client work, while tunneling (including split tunnels) is provided by another, more limited, module. But the interface does do a very good job of specifying which modules work with Java or ActiveX, and which need special handling.
Overall, the EX-1500 is a good remote access platform, with a very well thought-out management front-end which will help organizations get up and running quickly and easily.