Review: PortWise SSL VPN

By

PortWise 4.0 is a software solution, although we received it preconfigured on a Sun V20z running RedHat ES. We might have been better off setting it up ourselves: we had to log in to a root shell to get the network configured, and while the documentation is great for setting up actual SSL VPN services, it was not much use at the outset.

The product has some good points, but makes one mistake several times: it trusts the browser too much. For example, the product is licensed to specific hostnames, but we could not connect to the web GUI using the box’s assigned IP address because it is actually checking for the hostname in the browser request, something which is very easy to fake and hence pretty pointless.


Later, we saw something similar in “device definitions” which tie into endpoint control, but amount to checking browser user agents, again something which is easily (and commonly) faked.

PortWise sports far and away the most comprehensive list of authentication schemas we have seen, and you can configure them in many ways. Users can be imported from delimited files, and the software provides good help on how best to format the files.

In general, the help is excellent, despite its dreadful system of multiple browser window pop-ups.

This is the only product on test to support role-based admin. Configurations can be “published” to other PortWise systems, but must be manually activated by an administrator there.

Endpoint security requires an ActiveX control, and can clean up specific types of files, delete the browser cache, and provide data about the local files, registry, network, process, and Windows runstate. It can also coordinate policies via a policy server.

There are plenty of options for filtering and mapping connections for setting up web applications. Again the help is good, but lacks specific examples.

The system also has a lot of resources preconfigured, such as Exchange, Domino and Citrix, which is very good.

For: Suit large distributed environments.
Against: Some browser-dependent checks are clumsy and unreliable.
Verdict: Very good platform for enterprise users.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?