Nokia Secure Access System
Strengths: Far more network features than just SSL VPN.
Weaknesses: Integration with third-party tools like endpoint clients is lacking.
Verdict: For its low price, a very impressive box indeed.
Being a Nokia network platform, it can be configured to death – most of the networking options can be ignored in environments like our SSL test, but you can do VLANs, quality of service, link aggregation, packet filtering, you name it. Even full-on IPsec, which means this really is an all-round platform with some interesting possibilities. It ships with hardware SSL acceleration.
Initial configuration is done via the console, and once the network is set up, the web GUI takes over. This is a very old-school looking interface – no nonsense and ugly, but very practical. We liked it a lot, apart from the box starting with insecure access by default. Unencrypted http and telnet? Oh dear.
Starting the SSL VPN service actually means using an entirely different interface, which cleverly moves the normal Nokia GUI to a different port. Neat, if your remote administrators are expecting it. We prefer to choose interface and port assignments.
We liked the ability to import and export configurations as plain text files, as well as user lists.
The SSL VPN services are comprehensive. Every user and group can be configured to access specific web, file, email and port forwarding resources. A handy single sign-on feature is provided, but strangely does not synchronize with the actual user login page, so the user has to login in at least twice to use it.
The endpoint security scans are easy to configure: a Java agent checks for specific files, and has preconfigured profiles for specific AV engines. And you can custom-build variables that can be passed to and from scripts.
A secure connector provides tunneling, with an option for a client firewall to prevent bridging across a split tunnel. A secure workspace cleans up files after the connection is terminated.
We were not surprised to see a good offering from Nokia. Maybe some specific application support for other products is missing, but we were able to conduct all our tests without fuss, and liked the presentation very much.