Remote LAN access is what most businesses now crave. Satisfying that craving, however, can be both expensive and complicated, especially when it comes to mobile users where specialist encryption software is needed to use most VPN (Virtual Private Network) solutions.

But not if it's SSL-based, like the SonicWALL SSL-VPN 200, which requires no client software because it uses the SSL (Secure Socket Layer) encryption provided by browsers instead.

There are lots of SSL VPN appliances about, most aimed at large corporates with deep pockets. That, though, isn't the case with the SSL-VPN 200, which can support up to 10 concurrent user sessions and be bought for under £300. It's also designed to sit behind an existing firewall which, if also from SonicWall, can add extra filtering and deep packet inspection. However, that's not compulsory and any firewall able to re-direct incoming Web traffic can be used if you want.

Unfortunately, installation can take a while as it's nearly all manual and the documentation biased to use with SonicWALL firewalls. Neither is it made clear why there were five Ethernet ports when only one is used in most deployment scenarios. Answer: the SSL-VPN 200 shares its hardware with other SonicWALL products and the other ports aren't normally required, but it takes a bit of digging to find this out.

Still, armed with a little bit of knowledge and a lot of perseverance we did get the box up and running and once that's achieved the rest is very easy indeed. Mainly because there's not strictly any need for client software, although there are times when there is, about which more later.

Instead, all you have to do is point a browser at the public IP address mapped to the appliance by the firewall and then logon to the Web portal this provides, a portal through which you can both browse network shares and run applications.

Users are authenticated against an internal list or an external service such as Radius, an NT domain, Active Directory, or LDAP, and access to resources strictly controlled using pre-defined polices. For example, you can limit network browsing and similarly assign so-called bookmarks (shortcuts to specific network applications) to named users or user groups. Restrictions can also be applied by IP address plus you can also use your own wording on the portal, customise the interface, and replace the default SonicWALL logo with one of your own.

Behind the scenes the SSL-VPN 200 is effectively acting as a proxy, using the SSL encrypted HTTPS protocol to communicate with the remote user PCs. And to do that it has to download ActiveX and Java applets to the browser involved so, strictly speaking, isn't really client-less at all. It just appears that way as most of the proxies can be installed transparently and removed again when done with. You can even set the software to purge the browser cache when a session ends so that no traces are left behind.

On the downside, the number of proxies provided is strictly limited. Applets are available to handle network shares, access Telnet, SSH and FTP servers and support remote control using either Microsoft Remote Desktop Protocol (RDP) or VNC, but that's about it. Sufficient for quite a lot of customers, while for more general access a more obvious client agent, called NetExtender, is required.

Unlike a traditional VPN client the NetExtender agent doesn't have to be installed in advance. Users simply click on a link in the portal and follow the instructions to download and install themselves. However, it behaves like an ordinary client and any TCP/IP application can make use of the encrypted tunnels it provides, even VoIP. Plus it can also be configured to start independently of the client browser and to exit and uninstall itself when the session is finished. So again, little in the way of day to day management is required.

Compared to a traditional VPN solution an SSL-based product like the SSL-VPN 200 is much, much easier to deploy. In addition the SonicWALL product is a lot cheaper than most, with a big brother model available should the 10-user limit not be enough.

You do need to know a little about digital certificates to get the best out of the product but we liked it. We liked it a lot and found it both easy to manage and efficient at what it did. So much so that, if remote access is what you crave, we can heartily recommend checking it out.

Verdict
By taking advantage of the SSL encryption provided by Internet Explorer and other browsers, the SonicWALL SSL-VPN 200 doesn't need special client software, making it easier to manage compared to a traditional remote access solution. Users simply connect via a Web portal to browse network shares and run applications remotely. Comprehensive access controls are also provided along with a more general self-service VPN client, if required.

Company: SonicWALL

Contact: 0800 0280 488

Tags: virtual private network transport layer security sonicwall security ipsec firewalls products point-to-point tunneling protocol