SonicWall, Aventail combo could bolster customer NAC options

SSL VPN gear from both companies will swap features

SonicWall buying Aventail presents the likelihood of developing NAC gear as well as broadening the capabilities of both companies’ SSL VPN equipment.

The marriage of SonicWall and Aventail could result in a new network access control vendor after the companies have the chance to assess and integrate their respective technologies.

While neither company sells NAC gear now, aspects of their SSL VPN equipment and security services lend themselves to reducing the risk that a device joining a network will harm the network - the cornerstone of NAC.

SonicWall and Aventail cross pollenate

With SonicWall's purchase of Aventail, technologies from each vendor's SSL VPN equipment will be integrated in the other's. Here is some of what each brings to the table that the other lacks.



Gateway antivirus and antispyware


Intrusion prevention

Endpoint integrity checking

URL filtering

Support for multiple operating systems

Distributed management software

VPN support for certain smartphones

Current and historical reporting

High availability configuration


Scaling to the needs of the largest corporations

“Of course we have an interest in it,” says Evan Kaplan, founder and CEO of Aventail who stays on as SonicWall’s vice president of business development and alliances. “Much of the endpoint security we have today and the access control and the [intrusion-prevention system] stuff applies itself to NAC.”

SonicWall hopes to apply some of its basic product principles to NAC, such as making complex technologies easier to deploy and manage, says Patrick Sweeney, the vice president of the SonicWall secure business networking unit. “With Aventail’s knowledge base and SonicWall’s knowledge base, there’s some very smart things we’ll be able to do in that area,” Sweeney says.

Aventail brings with it endpoint control technology that lets customers grant separate access rights based on the trust they have in the machine being used to make the connection as well as other factors. The company also partners with Sygate and WholeSecurity to interrogate endpoints for security compliance before admitting them to networks, key NAC functions.

“Endpoint security is becoming much more of an absolute requirement - the ability to do real interrogation, real integrity checking and then differentiate policies.” Sweeney says. “Those are things we want not just in the SSL-VPN world but across all the user population.”

Aventail has a richer SSL VPN offering than SonicWall, but SonicWall gear is simpler to use, says Jeff Wilson, an analyst with Infonetics. “I’d suspect that they’ll use Aventail as their primary platform, but take a SonicWall style pass on ease of use and then bring it down to lower-end hardware platforms,” he says. “The Aventail platform just has deeper SSL VPN functionality, from client integrity, to mobile device support.”

On a less grand scale, the $25 million purchase of Aventail will result in the gradual incorporation of elements of Aventail’s high-end SSL VPN equipment into SonicWall’s small and midrange SSL VPN gear.

For instance, SonicWall supports gateway virus, spyware and intrusion protection that Aventail lacks. It also has a distributed management platform that, unlike Aventail’s management, spans multiple appliances and supports current and historical reports.

Aventail’s access control, integrity checks of endpoints and support for devices with multiple operating systems - including some smartphones - are features absent from SonicWall gear.

Aventail sought SonicWall’s intrusion-prevention technology even before the company was put on the market, Kaplan says. “We had talked to them about their IPS independent of acquisition,” he says.

SonicWall buying Aventail should have an upside for both companies’ sales, Wilson says. “It gives SonicWall access to Aventail’s depth of expertise, and enterprise and carrier sales channels, and gives Aventail cash and access to a huge distribution channel."

The purchase should be good for Aventail customers because it becomes part of a profitable venture, Wilson says. Aventail ran at a loss. “It can only be good for existing Aventail customers, because it guarantees that the platform [and support for it] will be around for a long time” he says.

The company’s SSL gear also supports more concurrent sessions than the biggest SonicWall devices, and Sweeney says having larger boxes in its portfolio will help.

SonicWall’s largest SSL VPN box announced last fall supports about 500 users. Aventail’s gear supports up to 80,000 SSL VPN sessions if eight of its largest boxes are deployed behind a load balancer.

SonicWall recently bundled security services at a reduced price into its firewall/VPN hardware and called the package TotalSecure UTM. The bundle includes the company’s antivirus, antispyware, content-filtering and intrusion-prevention services.

The company has also tried to broaden the features of its firewall/VPN gear by supporting both Wi-Fi for local connections as well as wireless-broadband services from Cingular, Sprint and Verizon.

SonicWall’s products also include e-mail security appliances, endpoint security in conjunction with McAfee, and its UTM gear. It also makes a backup storage appliance as well as its management system.

Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022