Indeed, and they have (or had, it's been a while since I looked) a
broad range of products for this space - we have 4 units, of which
three are pretty tiny and approaching EOL (Sonicwall 200 and Sonicwall
2000), and the fourth we purchased about a year ago (Aventail EX6000)
and is extremely capable, and we're pretty happy with it - with one
minor niggle...
To wit, if your policies dictate that a client making a VPN connection
must have an AV package installed (and you can choose any of a large
number of recognized products - very nice), and that AV package gets
upgraded to a newer version of that AV package than the EX6000
recognizes, then you have to
a) wait for the newest version of the EX6000 software to come out
and recognize it
and/or
b) work around the problem by merely looking at processes running
in memory by name, and hope that malware isn't spoofing the name of
your chosen AV package.
We ran into this when upgrading both VIPRE and MSE recently - I'm
guessing that the client software normally runs some sort of hash
against the executable to recognize it, unless you've just said
"accept if MBAMSVC is attached to a process running in memory".
It's a bit of a PITA, I must say - I think they should decouple AV
package recognition from their OS upgrades and publish those more
regularly.
Kurt
On Tue, May 22, 2012 at 8:33 PM, Jonathan Link <[email protected]> wrote:
> FYI Sonicswall's do this, too.
>
> On Tuesday, May 22, 2012, James Kerr wrote:
>>
>> I will be giving them a call tomorrow! Thanks for that info.
>>
>> On Tue, May 22, 2012 at 1:52 PM, Matthew W. Ross
>> <[email protected]> wrote:
>>>
>>> Check out the SSL-VPN appliance from Barracuda. It can forward a RPD
>>> session over a forwarded port, using Java. So all your end users will need
>>> is Java. It works for us for Windows and Mac OS X.
>>>
>>>
>>> --Matt Ross
>>> Ephrata School District
>>>
>>>
>>> ----- Original Message -----
>>> From: James Kerr
>>> [mailto:[email protected]]
>>> To: NT System Admin Issues
>>> [mailto:[email protected]]
>>> Sent: Tue, 22 May 2012
>>> 10:38:29 -0700
>>> Subject: Solution For Remote Access
>>>
>>>
>>> > Heh all,
>>> >
>>> > We are curently looking for a way to access our RDP app servers
>>> > remotely
>>> > though a browser. We tried setting up an RDP gateway with a session
>>> > broker
>>> > and server farm and could not get it to work externally, we can reach
>>> > the
>>> > site but when we try to launch the remote app we basically seem not to
>>> > be
>>> > able to reach the RDP servers. We have pretty much given up hope on
>>> > getting
>>> > this thing going without utuilizing VPN. We can't use VPN, we need to
>>> > give
>>> > our doctors access to our health records remotely from any computer
>>> > through
>>> > a browser, this includes Macs. I'm thinking that Citrix is my solution
>>> > but
>>> > I don't think the company is going to pony up the kind of cash needed
>>> > for
>>> > the software and training needed for occasional connections off hours.
>>> > Maybe we will just have to tell management the doc on call has to take
>>> > a
>>> > notebook netbook with them while they are on call and that's the
>>> > solution,
>>> > that or $Citrix$. I'm kind of just venting here but if anyone wants to
>>> > chime in with some advice, I'm all ears. :-)
>>> >
>>> > James
>>> >
>>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>> >
>>> > ---
>>> > To manage subscriptions click here:
>>> > http://lyris.sunbelt-software.com/read/my_forums/
>>> > or send an email to [email protected]
>>> > with the body: unsubscribe ntsysadmin
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to [email protected]
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
