Introduction
At a Glance | |
---|---|
Product | Sonicwall SSL-VPN 200 Appliance (SSL-VPN 200) |
Summary | Entry level SSL VPN gateway supporting SSL proxy and IPsec tunnel connections |
Pros | Works with both IE and Firefox; No per-use licensing; Vista support for VPN client |
Cons | Unequal local > remote and remote > local throughput; Support plan ($) required for firmware updates after 90 days |
We previously looked at rolling your own SSL VPN and Netgear's SSL-312 as affordable ways for SOHO / SMB users to explore the SSL alternative to IPsec VPN gateways. This time, I'll look at Sonicwall's entry-level SSL-VPN 200 appliance.
The 200 is Sonicwall's entry-level SSL gateway, with a recommended maximum of ten concurrent users. Also available are the 2000 and 4000 models, which have recommended maximums of 50 and 200 concurrent users, respectively. In a departure from Sonicwall's usual per-user license model, all the SSL VPNs come with unrestricted user licenses. So if you want to try loading them beyond the recommended maximums, you can have at it. But as you'll see later, the recommendations are probably reasonable, if not a bit optimistic.
The 200 provides secure remote access via two main methods. Proxies are provided for HTTP, HTTPS, FTP, SSH (V1 or V2), Telnet, RDP (via ActiveX control or Java applet), VNC and Windows File Sharing (Windows SMB/CIFS). The proxies provide remote access to these services via IE or Firefox running on any OS. For other TCP/IP-based applications, you use what Sonicwall calls NetExtender. I'll let Sonicwall explain:
NetExtender is a SonicWALL SSL-VPN client for Windows that allows users to run TCP/IP-based applications securely on the company's network. NetExtender is downloaded transparently and uses a Point-to-Point Protocol (PPP) adapter instance to negotiate ActiveX controls.
NetExtender first queries whether the ActiveX component is present, and if not, allows the user to download and install it. When installed, NetExtender allows users to tunnel to the remote network and virtually join the remote network in order to mount drives, upload and download files, and access resources in the same way as if they were on the local network.
The 200's silver and blue metal enclosure is designed for utility and has mounting screw slots on the bottom and plenty of vent holes on each side. The indicators and connectors are shown in Figure 1 below.
Figure 1: SSL-VPN 200 Front and Rear Panels
Figure 2 shows that the 200 is based on a proprietary Sonicwall CPU joined with a Cavium XL Security Acceleration Board. The Cavium spec sheet rates the board at 200 Mbps "IPsec performance" and 1750 (1024 bit exp) SSL TPS (Transactions Per Second). While this sounds impressive, we'll see later that the actual performance numbers aren't that large.
The 200's Status page reports 128 MB of RAM and 16 MB of Flash, which is the same as contained in Netgear's SSL-312. All five 10/100 Ethernet ports are handled by the Micrel KSZ8995XA switch chip. Note the absence of heatsinks, which didn't seem to be needed for cool operation.