SonicWall's new SSL VPN appliance is intended for businesses with about 500 employees, and includes SSL VPN software that supports two-factor authentication.
This announcement lets SonicWall for the first time compete for larger customers.The SSL-VPN 4000 supports 200 simultaneous VPN sessions. Until now, SonicWall's products -- which had a maximum of 50 concurrent users -- competed only against the low-end products of such vendors as Cisco, Juniper and Aventail. Now it can compete against their midrange devices as well. The company has been selling SSL VPN gear for less than a year.
The Rotman School of Management at the University of Toronto is considering the device to replace the VPN that comes with Windows Server 2003, says Kingson Chan, network support specialist for the school. The cost of the appliance is about the same as the total cost of using Windows Server 2003, but the appliance isn't subject to monthly shutdowns for Microsoft patches, he says.
SonicWall also is announcing a software upgrade that adds support for RSA and Vasco password tokens. This two-factor authentication increases security on the network, because a remote user must supply a valid user name and the password supplied by the token.
The new software also supports one-time passwords of its own. Customers log on, receive a one-time password via e-mail or Short Message Service text message to a cell phone, and enter that password. So as with tokens, customers must have their cell phone with them or be able to access their e-mail account.
The software pushes Java applets or Active X agents to remote machines that let them communicate with Citrix Presentation Server, which makes it possible to secure remote sessions between lightweight Citrix client software and the servers.
With the upgrade, administrators can tighten security on remote devices that are authorized to connect to the VPN. Previously, users could edit the list of applications they were allowed to access when they successfully connected to the VPN. With the new software, administrators can lock down these lists so users cannot alter them.
Another new feature lets customers access Microsoft Outlook Web Access and Lotus Domino Web Access 7.0 without downloading software agents on the remote machines. Instead of agents, upgrades to the software on the VPN appliances themselves rewrite the Web pages associated with those mail programs so the pages can successfully cross the VPN.
As with other SonicWall SSL VPN appliances, customers can set up the SSL-VPN 4000 in concert with SonicWall Pro or TZ firewalls to screen traffic. To allow incoming encrypted traffic through the firewall's SSL ports, the appliance terminates the SSL tunnel and diverts unencrypted traffic back to the firewall. There it can be scanned for viruses and spyware before being sent along to its destination.
The SSL-VPN 4000 is available and costs US$7,000, which includes a license for 200 concurrent users. There is no per-user fee.