[vpn] best SOHO devices
Anthony Lee
jac_des_vert at yahoo.com
Tue Apr 16 08:31:53 EDT 2002
It's always fascinating to see these emails from
"Fortune 100" companies, especially with a user from
an anonymous web address. I generally just take them
with a grain of salt due to the fact that this is not
that uncommon of a method of placing disinformation
against a product. (Especially a successful one)
I've worked with several different VPN boxes and it
still comes down to what you want for functionality.
It is true that the Contivity doesn't have the
greatest central management functions, though from
what I hear there is a new management software being
issued to do just that. Most products use a separate
software for mass configuration. And I must add that
I LIKE the fact that if you require security for your
configuration and management, the use of a tunnel for
management purposes is VERY secure. Nortel's
Contivity even lets you eliminate the HTTP function
for management and use just tunnels. It would be nice
if they had SSL or something like that to give you an
option.
The Contivity CLI is no worse than anyone else's. I've
used the CLI with Cisco and with Netscreen. I found
them all to vary in what they are capable of and how
easy they are to use. None of them are exactly set up
for the inexperienced. Complaining about one and not
qualifying the statement makes me wonder about
motives.
The GUI on the Contivity is really slow at times. I
migrated to an external LDAP and that sped things up
substantially. I've never seen provisioning take as
long as described, though my guess is that it's got a
monstrous LDAP database. If you move it to external
it will speed up. I'm not certain why the GUI is so
slow, but it's probably got something to do with
writing to the hard drive. I like the GUI though. I
found it easier to use than Netscreen's, though about
the same as Altiga and not quite as easy as Nokia
Cryptocluster.
I've done several upgrades with no problems at all.
Of course, I make a full backup before I upgrade,
just to be safe. Contivity has that ability for full
system backups. And if you use an external LDAP, you
won't lose any of your database should the Contivity
go down. I did upgrade my Netscreen 100 once and got
totally locked out. They even warn you during the
config that this could happen. Worst of all is that I
had to RMA the Netscreen to get one working again.
Never had that happen with a Contivity.
As for PKI, I don't see any reliance of the Contivity
just on Entrust. I use Baltimore. Strange that it
seems to use all of the PKI that I have ever tried
with it. Win2K, Baltimore, Entrust, Verisign, etc.
Again some questionable information. Motive?
As to cost. You get what you pay for. Contivity has
a lot of stuff that other VPNs don't. Routing (which
does cost extra for OSPF). A FREE remote access client
that is very nice. QoS, that I haven't tried yet.
Stateful Firewall (another extra cost if you want it).
The ability to use RADIUS, External LDAP, SecurID
for authentication. Performance is pretty good though
not up to Netscreen's. Though I find that my pipe to
the Internet can't handle the throughput of either
one. (T1)
As for support, Cisco has a pretty nice support
overall. Nortel's is about on par with everyone else.
Overworked and not that great at getting back to
you. Of course their device is easier to troubleshoot
than many. Altiga gives you almost nothing to
go on in the event logs for troubleshooting a problem
connection, and Netscreen may as well not have an
event log at all. I've seen this mentioned in some
reviews on them as well. Hope they are working on
that.

For SOHO boxes though, there are so many out
there you really need to find exactly what you need.
If you only need a small amount of functionality,
(i.e. just VPN) then Sonic Wall is nice, and the
Netscreen 5xp isn't bad. If you need more
functionality, routing say, then the Contivity 600 is
nice. And if you need to have remote access for a
bunch of users, then the Contivity Free client is a
definite benefit. This definitely isn't an easy
choice.
Well good luck on your decisions,
Jac
(Yes, an anonymous address. But not an angry rant.)

Original message:
Hi Bill, I have heard quite a bit of good feedback on
the Netscreen 5xp--though the central management piece
has yet to be explored some. If I may offer a word to
the wise--don't go Nortel. That's actually what my
company is using now and I like it less and less each
day. In fact, we hate it so much that we are going
with a different product and scrapping our entire
Nortel-based VPN solution (this is coming from a
Fortune 100 company). They are rather stable, yes. But
they are hugely expensive, the support leaves much to
be desired (and isn't cheap either). You *cannot*
manage them centrally.
Blah blah blah,