Based on technology acquired from SafeWeb, the Linux-based VPN is designed for IT managers who want secure access without the hassle of deploying client software.

Gregg Keizer, Contributor

February 2, 2004

3 Min Read

Symantec on Monday unveiled a clientless virtual private network (VPN) gateway designed for providing secure remote access to enterprise network via the Web. The Symantec Clientless VPN Gateway 4400 series, fruit of last October's acquisition of SafeWeb, which sold its line of remote access appliances under the Tsunami brand name, targets companies that don't want the administrative headache of rolling out VPN clients to connect their outside-the-perimeter workers or partners to enterprise files and applications.

"SafeWeb had some momentum in the marketplace," said Howard Lev, product manager at Symantec, "and although we've discontinued the Tsunami line, we wanted to extend that momentum with our own stand-alone appliance." Symantec will try to move existing Tsunami customers over to its own family of VPN gateways, although it will continue support of the SafeWeb hardware.

In some ways, Symantec sees its gateways as a stop-gap measure, a way to get its foot in the door. Within a year, said Lev, the company will integrate the clientless VPN technology into its own Symantec Gateway Security appliance, which now provides firewall, intrusion detection, anti-virus, content filtering, anti-spam, and IPsec-based VPN tools. Buyers of the Clientless VPN Gateway boxes will be offered an upgrade path to Symantec Gateway v3 when it releases, Lev promised.

When they ship Feb. 20, Symantec's Clientless VPN Gateway 4400 line will be composed of two models: the 1U-format 4420 and the 2U-sized 4460, which allow up to 350 and 1,000 concurrent VPN sessions, respectively.

Both appliances rely on a hardened version of Linux operating system, and protect data between the remote user and the network with banking-grade encryption, said Lev.

Remote users can access both Web- and non-Web applications on the network using the gateway, said Lev. "The 4400 series allows remote access through the firewall using SSL technology, and without having to install a client [on the remote system]," he said.

The Clientless VPN Gateway supports Web VPN (reverse proxy) technology, port forwarding for accessing most TCP/IP based applications, and Layer 3 VPN tunneling, and offer DES/3DES, 128- and 256-bit AES keys, and RC5 encryption.

Any SSL-enabled device, including desktops, laptops, and some mobile devices, can reach out to the enterprise network via Symantec's new gateways. Both Windows Mobile 2003 and Palm-based devices can connect now; Microsoft SmartPhone support is planned for a later date.

Network administrators can set granular levels of access through a Web-based console, defining rights based on roles and setting users' opening screens so that only those applications which they can access are displayed. To access non-Web-based applications -- the enterprise's e-mail system, for instance -- the gateway automatically transfers a small Java applet to the remote machine to handle port forwarding; the applet is discarded after the session.

Symantec's banking on its all-in-one pricing model to entice corporate customers. "We're including everything with the base appliance," said Lev. "There's no need to buy add-ons, such as port forwarding, which competitors charge extra for."

The gateway's sticker price includes a year's maintenance program, telephone support, and upgrade insurance, which provides a year of updates at no charge.

The 4400 series starts at prices of $9,495 for a box licensed to conduct 50 concurrent sessions, but Lev estimated that entry level prices will be in the $8,000 range after discounting. Additional licenses can be purchased in blocks of 25, 50, 100, and 1,000 sessions.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights