Name: Celestix RAS3000 (IPsec VPNs)
- Easily integrated into existing Windows networks.
- Its concentration on Windows systems might prevent its use in more diverse networks.
- A capable system with comprehensive management facilities.
SC Labs Reviews
Reviews from our expert team
The RAS3000 is a dedicated VPN appliance in a 1U height rack-mountable chassis.
The system is aimed at small and medium-sized enterprises and uses Microsoft’s Windows 2003 Server operating system.
Celestix provides a printed installation guide that claims it will get the system up and running within 30 minutes. However, it would be advisable to spend time reading the guide and planning the installation beforehand. The guide assumes that the system will be operating in a network using either Windows domains or Active Directory services. Its step-by-step approach makes it easy to configure a working system when used with the quick start pages in the browser-based administration interface.
The browser-based management interface is easy to use and gives access to most of the administration facilities. The management interface offers both context-sensitive help and a general help facility.
The administration pages display security-conscious warnings about accessing certain data over an ordinary HTTP connection, and suggest using HTTPS instead.
There are extensive logging and alerting facilities, and it is possible to set the system to launch application programs to handle any situations that need immediate action as well as generating appropriate email messages for these and other conditions. The system passed our port scan tests with no unexpected results.
Although the device would normally be deployed alongside a firewall device, it still retains the firewall capabilities of Windows 2003 Server. The device’s default configuration is as a stateful firewall, although it is possible to change the settings for any interface to suit local requirements. Combining these settings with the detailed security options available can result in a system with very strict access rules indeed.
These security features make it possible to control connections by specifying IP addresses, encryption types, time of day and type of traffic allowed. While the system would normally use the access-control facilities available through Active Directory, it does also support local user and group authentication using passwords.