FirePass 4100 Controller
Price: Starts at $24,995 for 100 concurrent users, plus $995 for antivirus and firewall checks
F5 Networks bills its FirePass 4100 Controller as an SSL VPN remote access server. That's like calling the
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
The FirePass 4100 is one of the most flexible, capable and secure devices available. It works with virtually any browser, operating system, terminal protocol and device ranging from enterprise servers to cell phones.
The new version 5.5 improves on the outstanding product we named Hot Pick in January 2005. In addition to its staggering communication skills, it can now enforce policies and check update status on more than 100 anti-virus and personal firewall products. With this release, when used as part of an F5 application-switching infrastructure, it can leverage the BIG-IP Application Traffic Management for centralize security and access control for WLAN and LAN as well as remote users.
Installation on our test network, set up to simulate a mid-sized enterprise, was easy, with a wizard to guide us. We configured the firewall to create a DMZ aimed at the FirePass. All remote users at the router were taken to the appropriate location within the network. We set up a Windows 2003 network server that required proper authentication and a Unix Web server open to anyone. You can create network shares for a variety of OSes, including Windows, Linux and Unix (we used Windows shares).
Configuring the FirePass was drama-free, but that does not mean that it's free of complexity. While there's nothing difficult about using the FirePass 4100, there are a lot of options. The documentation and the help files are very clear, but there is a lot you can do with the FirePass internal management Web page, and that, by necessity, brings complexity.
However, with this version's enhanced Visual Policy Editor, FirePass keeps the complexity under control by clearly dividing each task into its component functions, and then providing tabbed choices that let you drill down to the one thing you need to do.
For example, when you go to Network Configuration, each task is logically divided into specific tasks through the tabbed interface. We put our remote access to the test from a hot spot in a book store, and everything worked perfectly. Once we signed in, we received a page showing what we could do, and everything proceeded without problem. We could get to the internal Web site and browse the network shares when we signed on with the right permissions, using our applications remotely.
The robust features for this remarkable product go on and on--four gigabit ports that allow you to handle separate networks, the ability to cluster or to offload SSL processing to other devices to improve scalability, easy and flexible administration, an intuitive management interface, and well-designed wizards.
In fact, everything is easy, it all works as it should, and you have enormous flexibility, making this arguably the best remote access product we've seen in recent memory.
This product review first appeared in the April 2006 edition of Information Security magazine.