In: VPN, 9 Feb 2010
After an intense development cycle over the last few months, we are pleased to announce that we have just released the latest version of our VPN solution, Propalms VPN 3.5.
This release sees the end of the free 10 user give-away. However, you are getting some great enterprise features within the VPN product at a very attractive price. Contact us at email@example.com for more information on pricing.
The VPN management console GUI has been simplified and improved. The left navigation tree has a new organization with more logical grouping of configuration screens.
Context-sensitive help has been added to the management console to facilitate quick reference to configuration options.
A new graphical dashboard has been added to the management console showing live users, license usage, resource usage and important VPN information.
It is now possible to add and use more than one external authentication server. There is a new authentication server management screen where multiple servers can be configured. These servers can then be configured in cascading mode. This means that if a user cannot be found in the highest priority server, the user will also be searched for in the lower priority servers.
In case the authentication server cannot provide role/group information for an incoming user, a separate authorization server can be specified which will be used to provide user role information. Authentication servers like OTP tokens or RSA SecurID servers may not provide role information to the VPN gateway. The VPN gateway requires the user’s role to assign applications to the user. With such servers, an additional external authentication server or native groups can be used to decide the role of the user.
The authentication is done with the external authentication server and then the username is searched for in the configured external authorization server.
A new screen has been added to the management console to define the authentication and authorization scheme for the VPN, termed the VPN domain. In future versions, it will be possible to add multiple VPN domains, each with its own AAA scheme. The global authentication scheme includes the authentication servers to be used for authentication, any external authentication server(s) and the list of groups which are to be denied login to the VPN.
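The cascading lookup, separate authorization lookup and denied group list described above can be modelled as follows. This is an added example, not Propalms code: the `Directory` class, server names, users and groups are constructed, and two behaviours are assumptions rather than documented product behaviour (a wrong secret on a server that knows the user stops the cascade, and a user with no role is refused).

```python
# Added illustration: models the cascading AAA flow described in the text.
# Server names, users, secrets and groups are constructed sample data.
import hmac
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Stand-in for an external server (LDAP, RADIUS, OTP, ...)."""
    name: str
    passwords: dict = field(default_factory=dict)   # username -> secret
    roles: dict = field(default_factory=dict)       # username -> set of groups

def authenticate(servers, user, secret):
    """Try servers in priority order; cascade only when the user is unknown."""
    for srv in servers:
        if user not in srv.passwords:
            continue                      # not found here: try lower priority
        # Assumption: a known user with a bad secret is rejected outright,
        # so a lower-priority server cannot override that failure.
        ok = hmac.compare_digest(srv.passwords[user], secret)
        return srv if ok else None
    return None

def login(servers, authz, denied_groups, user, secret):
    """Return (allowed, groups, reason) for one login attempt."""
    srv = authenticate(servers, user, secret)
    if srv is None:
        return False, set(), "authentication failed"
    # Use the authenticating server's roles when it has them; otherwise
    # search the username in the separate authorization server.
    groups = srv.roles.get(user) or authz.roles.get(user, set())
    if not groups:
        return False, set(), "no role found"   # assumption: fail closed
    if groups & denied_groups:
        return False, groups, "group denied"
    return True, groups, f"authenticated by {srv.name}"

# Constructed sample configuration: OTP server holds no role data.
OTP = Directory("otp", passwords={"alice": "492817", "carol": "118233"})
LDAP = Directory("ldap",
                 passwords={"alice": "pw-a", "bob": "pw-b", "eve": "pw-e"},
                 roles={"alice": {"finance"}, "bob": {"engineering"},
                        "eve": {"contractors"}})
SERVERS = [OTP, LDAP]          # highest priority first
DENIED = {"contractors"}

if __name__ == "__main__":
    for u, s in [("alice", "492817"), ("alice", "pw-a"), ("bob", "pw-b"),
                 ("carol", "118233"), ("eve", "pw-e"), ("mallory", "x")]:
        print(u, login(SERVERS, LDAP, DENIED, u, s))
```

When reviewing a real cascading configuration, the case worth testing is the second one: whether a failed login against the highest priority server falls through to a lower priority server that holds a weaker credential for the same username.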
The licensing mechanism has been improved to include a system default license, license-based control of the endpoint security feature, and license keys tied to particular hardware.
The VPN gateway can run in 3 license states:
1. System default (5 users for 30 day evaluation)
2. Evaluation license (time bound)
3. Production license
A newly installed VPN gateway can be started with the system default license, which is valid for 5 concurrent users for 30 days. Alternatively, the administrator can choose to enter a license key at the pre-boot stage.
A license key can be added from the management console after the VPN is configured.
To get a license key, the administrator must send the “product key” displayed on the management console to firstname.lastname@example.org. The new license key will be valid only for the hardware from which the product key was taken.
The new license can enable the endpoint security feature on the appliance.
The VPN gateway will send notification emails to all registered security officers and administrators 5 days and 2 days before expiry of the license. The VPN gateway will send a last notification email 24 hours before expiry of the license.
With v3.5, administrators can back up the configuration and restore it in case of a disaster.
The backup file is stored on the administrator’s desktop and can be uploaded back to the gateway for restoration.
There are two backup options available: user settings backup or full system backup.
The user settings backup exports the settings configured by the administrator to the desktop.
This backup enables administrators to regularly back up the settings and use them in case the administrator needs to revert to an old state or the old system has to be replicated to a new one.
The backup includes the following settings:
This backup does not include any certificate or system information and is therefore portable across VPN gateways located at different locations.
The full system backup exports everything, including the certificate-related configuration. This backup is useful to rebuild a whole system by reinstalling the firmware and then restoring it to the last backed-up state.
This backup includes the following information:
It is important to make sure the hostname of the system is set to the same value it had when the backup was taken. If the hostname is different, an error is shown to the administrator, which also gives the expected hostname.
This backup type can be used to restore a whole system. In both cases, the VPN must be in configuration state, and the VPN services will restart after the restore process is over.
All administration changes are logged and viewable through the management console. The logs are archived on the gateway, with capacity to store more than 200,000 log entries.
An option has been added to the VPN console to reset a security officer’s or administrator’s account. The feature resets the administrator’s certificate on the VPN management console and sends a new passphrase to the registered email ID of the administrator. This feature can be used in case the administrator’s certificate is lost or the administrator forgets her password.
A new option has been added to the management console so that IP address, DNS and host file modifications can be done from the management console. Administrators can change IP address related settings as well as configure the DNS options. It is also possible to create host file entries on the VPN gateway to resolve names.
A new option has been added to the management console so that static route configuration can be done from within the console itself.
A new option has been added to the management console providing the capability to reboot and shut down the appliance.
When creating local user accounts, the administrator can set a date when the account will automatically expire. After the given date the user account is set to “disabled”. This option is applicable only to basic authentication and certificate users. It is not applicable to security officers and administrators.
While creating new applications, it is common to set a hostname for the Application Server or the URL which is not resolvable from the VPN gateway. This can happen because the hostname typed is not correct, the DNS server is not configured correctly, or there is no DNS server at all. In v3.5, when creating applications, the VPN will check whether the hostname specified as the Application Server hostname and the hostname/domain name in the Web URL are resolvable from the VPN gateway. An error is displayed if the name cannot be resolved. The administrator can fix the hostname or create a host file entry for the hostname.
VPN clients for Linux and Mac OS X are now available for download from the VPN portal. Users can choose to download the correct VPN client for their platform.
Until version 3.4, SSO for Propalms TSE was supported only for basic authentication users. In v3.5, SSO is also supported for users authenticating with a certificate. The username is fetched from the client certificate’s ‘issued to’ field. The user must have the same username and password on the Propalms TSE server as well.
In v3.5, when using the Propalms OS Console menu, the user needs to authenticate to the console using a built-in account. The account name is ‘consoleadmin’. The password for the account is ‘adminconsole’.
The Administrator has the option to change the password for ‘consoleadmin’ user.
Root access to Propalms OS is blocked completely.
For more information go to http://www.propalms.com/products/propalms_vpn.php
Propalms is a leading global provider of application delivery, desktop virtualization and remote access solutions. Interact and discuss Propalms product internals and strategies with the Propalms core team via this blog.