[vpn] best SOHO devices

Travis Watson rtwatson at qwest.net
Fri Apr 19 11:13:40 EDT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well written retort, Jac.  You made some valid points.  For clarity,
however, I will respond to a few things largely separate from the
main subject matter.

1) I don't view anything I said as "dis-information."  I put my
opinion out there--to be sure--but I didn't alter facts or make
anything up.  You may think me misguided, unfair, wrong, or just
plain stupid (I've been called much worse), but I'm not a liar.

2) My statement about Nortel's support was unfair.  Their level one
and two guys are actually pretty good and they have helped me out a
few times in the past.  My problem is with their level 3 support and
their sales/contract representatives.  I should have qualified that,
and I apologize.

3) I don't have any hidden agenda or ulterior motives.  I'm actually
rather surprised that you saw any, as I'm not normally that clever. 
I simply state my opinion.  I can do it rather strongly, but I'm not
twisting my moustache in the hopes that I may influence things my
way--and not arrogant enough to think that I can.

4) With regard to Entrust, the issue is almost entirely with cost. 
The product is fine (in some ways excellent, in some ways not so
great), but it's just expensive--though much more reasonable than
others.

5) With regard to my alleged anonymity, I think it would be foolish
and unprofessional to use my company email address to slam our
vendors--and just as foolish and unprofessional to do it on company
time.

Thanks for the debate.

Regards,

Travis



- -----Original Message-----
From: Anthony Lee [mailto:jac_des_vert at yahoo.com]
Sent: Tuesday, April 16, 2002 5:32 AM
To: vpn at securityfocus.com
Subject: RE: [vpn] best SOHO devices


It's always fascinating to see these emails from
"Fortune 100" companies, especially with a user from
an anonymous web address.  I generally just take them
with a grain of salt due to the fact that this is not
that uncommon of a method of placing Dis-information
against a product.  (Especially a successful one)  

I've worked with several different VPN boxes and it
still comes down to what you want for functionality. 
It is true that the Contivity doesn't have the
greatest central management functions, though from
what I hear there is a new management software being
issued to do just that.  Most products use a separate
software for mass configuration.  And I must add that
I LIKE the fact that if you require security for your
configuration and management, the use of a tunnel for
management purposes is VERY secure.  Nortel's
Contivity even lets you eliminate the HTTP function
for management and use just tunnels.  It would be nice
if they had SSL or something like that to give you an
option.

The Contivity CLI is no worse than anyone else's.  I've
used the CLI with Cisco and with Netscreen.  I found
them all to vary in what they are capable of and how
easy they are to use.  None of them are exactly set up
for the inexperienced.  Complaining about one and not
qualifying the statement makes me wonder about
motives.

The GUI on the Contivity is really slow at times.  I
migrated to an external LDAP and that sped things up
substantially. I've never seen provisioning take as
long as described, though my guess is that it's got a
monstrous LDAP database.  If you move it to external
it will speed up.  I'm not certain why the GUI is so
slow, but it's probably got something to do with
writing to the hard drive.  I like the GUI though.  I
found it easier to use than Netscreen's, though about
the same as Altiga and not quite as easy as Nokia
Cryptocluster.

I've done several upgrades with no problems at all. 
Of course, I make a full back up before I upgrade,
just to be safe.  Contivity has that ability for full
system backups.  And if you use an external LDAP, you
won't lose any of your database should the Contivity
go down.  I did upgrade my Netscreen 100 once and got
totally locked out.  They even warn you during the
config that this could happen.  Worst of all is that I
had to RMA the Netscreen to get one working again. 
Never had that happen with a Contivity.

As for PKI, I don't see any reliance of the Contivity
just on Entrust.  I use Baltimore.  Strange that it
seems to use all of the PKI that I have ever tried
with it.  Win2K, Baltimore, Entrust, Verisign, Etc. 
Again some questionable information.  Motive?

As to cost.  You get what you pay for.  Contivity has
a lot of stuff that other VPNs don't.  Routing (which
does cost extra for OSPF). A FREE remote access client
that is very nice. QoS, that I haven't tried yet. 
Stateful Firewall (another extra cost if you want it).
The ability to use RADIUS, External LDAP, SecurID
for authentication.  Performance is pretty good though
not up to Netscreen's.  Though I find that my pipe to
the Internet can't handle the throughput of either
one. (T1)

As for support, Cisco has a pretty nice support
overall.  Nortel's is about on par with everyone else.
Overworked and not that great at getting back to
you.  Of course their device is easier to
troubleshoot than many.  Altiga gives you almost nothing to
go on in the event logs for troubleshooting a problem
connection, and Netscreen may as well not have an
event log at all.  I've seen this mentioned in some
reviews on them as well.  Hope they are working on
that.

For SOHO boxes though, there are so many out
there you really need to find exactly what you need. 
If you only need a small amount of functionality,
(i.e. just VPN) then Sonic Wall is nice, and the
Netscreen 5xp isn't bad.  If you need more
functionality, routing say, then the Contivity 600 is
nice.  And if you need to have remote access for a
bunch of users, then the Contivity Free client is a
definite benefit. This definitely isn't an easy
choice.

Well good luck on your decisions,

Jac

(Yes, an anonymous address. But not an angry rant.)

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPMA0I2i85ZG+FfBoEQLdtQCghfb0hfgMbpnTkqv/mS980ccVwyUAoLdF
8HjjaisPZPpsdF5JJJT4wEYy
=OGBY
-----END PGP SIGNATURE-----

