Remote Access VPN Buyer's Guide: SonicWALL - Page 3

E-Class SRA appliances offer flexible-yet-secure mobile access, governed by unified policies.

 By Lisa Phifer
Page 3 of 3   |  Back to Page 1
Print Article

Flexible Connection Alternatives

All E-Class SRA users connect securely over SSLv3 or TLSv1, protected by IT's choice of encryption (e.g., DES, 3DES, RC5, AES) and integrity (e.g., MD5, SHA) algorithms. However, when it comes to client-side requirements and application support, the devil is in the details – specifically, the way in which the appliance connects users to resources. Aventail E-Class SRA appliances offer several connection methods, selected automatically based upon configured policy and endpoint type/capability.


According to Dieckman, traditional SSL VPN access can be delivered through a web portal – for example, presenting links that users click on to launch a Citrix nFuse or RDP session or access a fileshare. "From there we have other alternatives," he said.


"If they need more than web, we can provide layer 3 tunneling through dynamic installation of a client with controlled access to authorized resources. For mobile devices (including iPhone, Android, and Symbian), we can proxy Active Sync connections through a web portal, letting users reach their Exchange Server over a secure connection."


However, Dieckman said that most SonicWALL Aventail customers use ConnectTunnel – a persistent client that resides on Windows or MacOS or Linux endpoints. This option gives users on trustworthy endpoints greater access – for example, to support VoIP. But those users are not limited to just those endpoints. "We determine dynamically what kind of access each user and endpoint gets. For example, our On-Demand tunnel can be auto-launched for users when they into our WorkPlace Portal from other machines."


Bottom Line

SonicWALL's Aventail E-Class SRA products are in many ways "classic SSL VPN" appliances. Aventail was ahead of the curve when it first implemented many of the features described above, in part because the company focused on simplifying and extending secure access without trying to wedge VPN into a broader network portfolio. As a result, these VPN appliances support a relatively broad set of endpoints and applications, independent of network type.


However, after acquiring Aventail, SonicWALL introduced Clean VPN – a bundled solution that combines an E-Class SRA appliance with a SonicWALL Next Generation firewall to provide deep packet inspection and IPS on VPN traffic, before it is permitted to enter the enterprise network. This kind of integration is becoming increasingly important as more application traffic rides over port 80, and will no doubt continue to evolve along with SonicWALL's entire collection of security products.


To learn more about SonicWALL products, visit Aventail E-Class SRA.



Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed, and tested network security products for nearly a decade.

This article was originally published on Jun 14, 2011
Get the Latest Scoop with Networking Update Newsletter