F5 Fortifies SSL VPN Security

F5 Networks Inc. (Nasdaq: FFIV) is scheduled to unveil enhancements to two of its SSL VPN products today -- its FirePass 1000 and 4000 models.

The first and most important enhancement aims to prevent remote users with potential security problems, such as inadequate virus protection, from gaining full access to the corporate network. The FirePass conducts "client integrity checking" to see whether a remote user's client has an effective security policy. If it doesn't but it passes a more basic security check, the administrator can restrict access to a "quarantine network.""This is good news for users: It will increase people's level of confidence in rolling out SSL VPNs," says Jeff Wilson, principal analyst of Infonetics Research Inc.

Other vendors have also been busy in this area. F5s competitor, Aventail Corp., also offers a client security check on its EX 1500 offering, although the company does not provide a specific quarantine network. Instead, users that have failed the check can be emailed information about security upgrades.

Juniper Networks Inc. (Nasdaq: JNPR), together with NetScreen Technologies Inc. (Nasdaq: NSCN), offers "host checker control" on its Secure Access Series of products to verify client security. It also provides a feature called "dynamic access privilege management," which allows a network administrator to dictate which resources a user can see after the host-check.

The second enhancement of F5's FirePass products widens its potential market by enabling Macintosh and Linux clients to handle any IP application. In contrast, Aventail and Juniper/Netscreen’s equivalent offerings targeting Macintosh and Linux clients can only handle applications using TCP connections.Analysts' opinions are mixed on the importance of this development. Wilson is positive. "This suggests that the market is maturing -- and they will be able to cover more and more of peoples’ requirements," he says. “The thing that handicaps SSL VPN a lot of the time is that vendors cannot support every situation.”

Eric Hemmendinger, research director for security and privacy at Aberdeen Group Inc., is dubious, pointing out that Mac and Linux probably account for less than 10 percent of desktops.

Dore Rosenblum, director of product marketing at F5, avers that Macintosh and Linux support is important in some market segments. “It opens up certain verticals, like publishing and education,” he says.

FirePass, it should be noted, is something of a blast from the past. It was once the flagship product of uRoam, which was acquired by F5 last year in a $25 million deal. Now F5 appears to be making good on the promise it made to develop FirePass at the time of that acquisition (see F5 Buys uRoam, Reports Strong Q3).

Other new FirePass features unveiled today include improved protection from infected files and enhanced security on public systems such as kiosks.— James Rogers, Site Editor, Next-gen Data Center Forum