Extensive access control options.
Combing the access control system with the client integrity checks produces a comprehensive security facility.
Nokia's IP380 offers SSL VPN support through its NSAS (Nokia Secure Access System) facility. NSAS administration is browser based, but has a different layout to the "Voyager" system management interface. This is just as easy to use and presents no problems in practice. NSAS can also use the serial interface if required.
NSAS provides logging for gateway operations and user request auditing. There are viewing facilities that can be refined to focus on areas of particular interest, such as authentication failures or a particular user's activities. Logs are maintained in the device, but can also be sent to an external log server.
Users access can be controlled by one or more authentication methods, that are used in sequence until a match is made or the user is denied access.
Access to resources is controlled both by global access rules and individual resource rules. A resource can be globally allowed or denied; in which case no further checking is done, or "deferred" in which the individual resource ACL (Access Control List) is checked.
The online help is generally detailed and well-organized, but can be less than helpful. When looking for help on adding an authentication method, for example, the system advised us to "use the Manage Authentication Methods page to add an authentication method to the gateway." We did find more detailed information in the accompanying documentation.