Aventail was probably the first company to conceive and market the idea of the clientless SSL VPN. However it has only recently brought out its own hardware appliance that does such a job.
The EX-1500 is based on version six of the company's ASAP (Anywhere Secure Access Policy) VPN platform.
Setting up proved easy - another matter of putting the box in a rack, plugging in a couple of cables to the internal and external parts of the network and some initial configuration via the appliance's serial port. The rest of the setting up is done via a web browser on port 8443.
The start up screen is very much a hand-holding affair, as part of the configuration page is given over to a step-by-step guide to getting the VPN box working within the infrastructure. Here we could change network settings, configure server certificates and define the method of authentication. Again there were no headaches here - just a matter of following the instructions.
Afterwards we were asked to create an access policy, users and groups, and personal links that users and groups will use to access network resources via the browser. All was pretty clear and uncomplicated, although we would have preferred to have the option to tie in users and groups with some kind of directory, such as Active Directory or NDS. We have been told by the company that this facility will appear in the next versions (available from November 1).
When accessing the VPN as a user, there are three different ways of logging onto the network: the clientless approach via the browser, using a Java-based (semi-clientless) access method or a fully-fledged configurable client. Aventail states that there are some circumstances where the use of a client is necessary to access the enterprise-class client/server applications that many users need. Most SSL VPNs only support web and simple server applications, and not these enterprise-class ones.
Setting up a client is a pain at the best of times with IPsec VPNs as they do not always work in the way vendors say they should. It was a different story here, as more hand-holding by the appliance meant that setting up an installer package for the road warrior was dead easy and meant that the ordinary user could download the executable as an email attachment and have it running in seconds.
Overall the product proved to be a good one and secure enough in all forms of access methods and though its well thought-out access policies.