RE: Best VPN Appliance

Thank you all for replying and suggesting the VPN box.
I'm in the process of evaluating different boxes, and they are:

SA4500 SSL VPN Appliance

Barracuda SSL VPN

F5 FirePass SSL VPN
F5 BIG-IP Access Policy Manager | F5

The problem I'm facing so far is Mac OS X compatibility. The demo box I had for Juniper was not able to run Network Connect on Mac OS 10.5.8.

The Juniper SSL VPN works great with Mac 10.6 (and prior versions going back about 5 years). I'm not sure what issue you might be seeing, but Network Connect is very solid in that environment. Secure Meeting also works fine on the Mac. The place where you will have compatibility issues is the end-point security checking, but this is common to all OS X. If you're not doing EPS checking, you don't care. If you are, you already know that Macs have a different set of software & vocabulary than Windows platforms.

From your experience with F5, Juniper and Barracuda, which one will be best in terms of:

1) Support
2) Resiliency
3) Security
4) Scalability
5) Manageability

The Barracuda box is very new and I haven't looked at it, but certainly the Juniper and F5 boxes are top contenders; you should also be looking at SonicWALL (which used to be Aventail).

Your laundry list above is fairly vague, since you don't list YOUR requirements. However, I did a very extensive test of SSL VPN devices a few years ago which is still VERY applicable to the products that were in it. This is considered a fairly mature market, and the F5 box of today is not very different from the one of three years ago.

You might consider figuring out what you want to do with the box, and then measuring the contenders against that, rather than asking "which is the most scalable," since in the NANOG context that could mean anything from "two-node active/active cluster" to "geographic clustering in 40 data centers." (Nick will at this point chime in with his now-famous "string analogy")

Try reading this:

It's dated 2005, so you can assume that annoying bugs are fixed, but product feature sets are very similar. There's also some more recent SSL VPN testing I've done in Network World, such as the Netgear box (not designed for the enterprise) and just last week the Microsoft one.

Note that Network World writes for enterprises, and NANOG is a service provider mailing list, so depending on why you're asking for this, my results may or may not be applicable. For example, features like delegated and partitioned management, which are SP-critical but often ignored in the enterprise, weren't really part of my evaluation.