Nortel Contivity

Opinion
Nov 4, 20042 mins

* A look at the new SSL VPN Module 1000 that slides into Nortel’s Contivity IPSec VPN boxes

Your end users may like the new SSL VPN Module 1000 that slides into Nortel’s Contivity IPSec VPN boxes because it provides easily navigable remote access to a wide group of LAN-based applications at decent speeds.  However, be aware of  both the lagging management interface and lack of fine-grained access control and end-point security features.

The SSL VPN Module 1000 blade – which started shipping last month – plugs into Contivity 1740, 2700 or 5000 v5.0 systems and comprises a dedicated co-processor running Alteon’s tried-and-true SSL accelerator code v4.2 and a configuration and management system.

On the plus side, the blade performs pretty well, Nortel’s portal page is easy to use and navigate, and the SSL VPN code works just fine with a range of applications including Exchange’s Outlook Web Access, Javascript programs, and  HTML, FTP and CIFS servers.

Nortel’s SSL VPN implementation offers some rich application translation and proxy features.  For example, this blade automatically detects and fills out form-based authentication processes on Web pages the way most browsers do.  However, this single sign-on implementation only works if your username and password are the same for the SSL VPN device as for every other Web site.  If you use any kind of one-time password mechanism for your SSL VPN, this feature won’t work.

The SSL VPN is managed with a different client than its IPSec counterpart.  Access control defined on one side must be replicated using the other GUI.  The SSL GUI is positively unfriendly. More troubling is the lack of fine-grained access controls in the SSL VPN. For example, while you can distinguish between things like source IP address and authentication method, you can’t give users different access based on filename, time-of-day, browser, or SSL security level. 

Nortel’s own TunnelGuard, an end-point security checking and verification tool, has been in the IPSec Contivity box for years, but is not included in either the browser-based or client-based SSL VPN side.  Nortel officials say it will be added later this year.

For the full report, go to https://www.nwfusion.com/reviews/2004/1011rev.html

Neal Weinberg

Neal Weinberg is an experienced technology journalist with in-depth knowledge of cybersecurity, networking, cloud, wireless, IoT, IT careers, AI, robotics, digital transformation, and self-driving vehicles. Before becoming a freelance writer, he spent 17 years as executive features editor for NetworkWorld. Prior to his time at NetworkWorld, Neal was business editor at Middlesex News. He studied at the University of Massachusetts in Amherst. His work has been published in Tech Target, Information Week, Robotics Business Review, and other publications.

More from this author