Net6 offers twist on remote access

Net6 has introduced a gateway aimed at letting users gain full network access to corporate applications using a lightweight client or just a Web browser to connect. The company says its Net6 VPN Gateway solves drawbacks of two popular Internet-based access methods: IPSec VPNs and Secure-Sockets-Layer-based remote access.

Net6 has introduced a gateway aimed at letting users gain full network access to corporate applications using a lightweight client or just a Web browser to connect. The company says its Net6 VPN Gateway solves drawbacks of two popular Internet-based access methods: IPSec VPNs and Secure-Sockets-Layer-based remote access.

While the technologies have similar characteristics, they have differences that matter to customers. For instance, employees of e-mail security service provider Postini use Net6 VPN Gateway instead of a Cisco IPSec gateway because it is easier to distribute the necessary client software and to administer, says Jon Prall, Postini’s vice president of engineering.

Net6 remote-client software is a Web download that updates itself each time users log on to a gateway. The Cisco gear requires installing the client, he says. The client makes an SSL connection to the Net6 VPN Gateway, which sits between a corporate firewall and servers the remote machine is trying to reach. The gateway terminates the SSL tunnel and acts as a go-between with servers on the corporate network.

In addition, the Net6 gear requires no reconfiguration of employees’ home firewalls as IPSec does, according to Prall, because it uses just ports commonly left open for SSL.

SSL remote-access gear also has lightweight clients or uses Web browsers, but Net6 says its gear gets around drawbacks that SSL remote access has. For instance, the Net6 Gateway supports all applications at the network layer, so the applications they access appear as they do on a LAN. This is also true of IPSec VPNs. Some SSL remote-access equipment has limits on the applications it can access or it displays applications with different interfaces than end users are used to.

Net6 says that while SSL remote-access products must be upgraded when a specific application is upgraded, Net6’s software does not. These upgrades generally include alterations to the client/server protocols that require changes in the custom connectors within SSL remote-access software. Net6 intercepts traffic at Layer 2, so does not have to deal with these protocol changes.

The fact that Net6 gear proxies traffic insulates the network it protects from worms. Worms seeking IP addresses to find vulnerable machines might hit the address for the Net6 Gateway, but polling by the worms will not be authenticated nor contain proper information for being passed on to internal IP addresses, Net6 says.

This feature drew data-migration vendor Rainfinity to test Net6 gear for use by its employees who need to access corporate resources, says Curt Jernigan, director of IT at the San Jose company. He avoided IPSec VPNs because they create network-layer tunnels with direct access to internal IP addresses. “I just wanted to make sure there wasn’t any door left open to allow in any worms,” he says.

Net6 says its gear supports real-time applications such as voice and video, and because the SSL tunnel it uses employs just firewall Port 443, it solves network address translation problems that IP softphones would have crossing firewalls without a tunnel.

When Net6 Gateway and Net6 Remote are ready to ship next week, they will support Windows 2000 and XP desktops. The company says it is developing clients for Linux and Macintosh operating systems.

The gateway costs from $160 per user for 50 users, to $11 per user for 2,000 users.