Review: Aventail's EX-1500 SSL VPN Appliances

Do the updates to management, logging and cache-cleaning add up to improvements for this VPN device?

July 9, 2004


When I last tested Aventail's EX-1500 SSL VPN device, I found it lacked several features, including proper cache cleaning and on-demand host scanning. And the appliance's Java port redirect and management interface were difficult to work with (see that review).

To Aventail's credit, the new EX-1500 has an updated user portal, ASAP Workplace 7.1, that improves cache cleaning. It also has useful new management functions and logging facilities, and works with Zone Labs' Integrity Clientless Security scanner and WholeSecurity's Confidence Online host scanner.

I tested the EX-1500 in our Real-World Labs at Syracuse University, and found the improvements to ASAP bring the product up to speed with its competitors and make it an easy-to-use VPN device, with well-thought-out functionality. However, I also found some problems.

For instance, Aventail lacks support for NTLM (Microsoft LAN Manager/NT) authentication, which the company says it will add in the next release. I also had trouble connecting to URLs dynamically generated by JavaScript, and had to use a workaround to access our Lancope StealthWatch and Q1 Labs QRadar anomaly-detection devices until Aventail could provide a fix.

Cache Change

Web browsers cache data on the local hard drive--making subsequent page loads faster. However, cached data may stick around after the user has logged off. Aventail's cache control removes cached data, cookies, history, and both temporary and stored passwords. In addition, the cache control can close a browser window after a period of inactivity.

I enabled the cache control for ASAP and configured an inactivity time-out. When I connected to the ASAP Workplace using both Internet Explorer and Netscape Navigator, the Java applet was downloaded and executed before I was directed to the login page. After browsing the Web and closing the browser, the cache was deleted.

Unfortunately, I was able to shut down the cache cleaner easily by opening the Windows Task Manager and halting the cclient.exe process. I kept browsing, but the cache was not cleaned afterward. Aventail says it will fix this in an upcoming release.

Aventail EX-1500 SSL VPN Appliance 7.1, starts at $9,495 for 25 concurrent users. Aventail Corp., (877) AVENTAIL, (206) 215-1111. www.aventail.com

Management Updates

Managing ACLs (access control lists) can be especially difficult with large lists. With the old device, you had to first define all the objects before you could add an access control rule. With 7.1, Aventail has streamlined the ACL definition process by letting you add objects as needed. Although this isn't ground-breaking, it certainly helps.

Version 7.1 supports multiple authentication realms that define which back-end systems are used to authenticate users. Aventail also has simplified user and group definition on 7.1, with a directory browser. You don't need to use multiple tools to discover the schema definition--the browser presents it in a checkbox format.

Aventail also has added some reporting options and support for SNMP traps, but the log files available through the ASAP management interface are in the common log format and, without any processing, are nearly useless for troubleshooting or tracking purposes. Also, the EX-1500 supports only syslog-ng, which uses TCP and not UDP. You must install a syslog-ng server to capture the logs or make manual modifications on the command line.
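To illustrate the kind of processing common log format files need before they help with tracking, here is an added example (not from the review or from Aventail) that parses CLF lines and groups requests and denials by source host and user. The log lines, hosts, user names and paths are constructed for the example; only the standard CLF field layout is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')

# Constructed sample lines (assumed hosts, users, paths); not EX-1500 output.
SAMPLE = """\
192.0.2.10 - alice [09/Jul/2004:10:01:12 -0400] "GET /workplace/ HTTP/1.1" 200 5120
192.0.2.10 - alice [09/Jul/2004:10:01:40 -0400] "GET /intranet/hr/ HTTP/1.1" 403 312
198.51.100.7 - - [09/Jul/2004:10:02:03 -0400] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [09/Jul/2004:10:02:05 -0400] "POST /login HTTP/1.1" 401 128
198.51.100.7 - bob [09/Jul/2004:10:02:30 -0400] "POST /login HTTP/1.1" 200 2048
this line is truncated and does not pa
"""

def parse_line(line):
    """Return a dict for one CLF line, or None if the line does not match."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = (rec["request"].split() + ["", ""])[1]  # "" if request is malformed
    return rec

def summarize(text):
    """Group requests by (host, user); count totals, denials and unparsed lines."""
    stats = defaultdict(lambda: {"requests": 0, "denied": 0, "denied_paths": []})
    unparsed = 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep a count so damaged log lines are not silently lost
            continue
        s = stats[(rec["host"], rec["user"])]
        s["requests"] += 1
        if rec["status"] in (401, 403):  # authentication failure or access denied
            s["denied"] += 1
            s["denied_paths"].append(rec["path"])
    return dict(stats), unparsed

if __name__ == "__main__":
    for item in summarize(SAMPLE):
        print(item)
```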

Mike Fratto is a contributing editor to Network Computing and editor of our sister publication Secure Enterprise. Write to him at [email protected].
