Here are five frequently asked questions about Citrix’s Access Gateway. If you have a question about the product that isn’t here, just let us know.
1. How is the Access Gateway different from other SSL VPNs in the market?
The Citrix Access Gateway provides users and IT administrators with all of the advantages of both IPSec VPNs and SSL VPNs, and none of the shortcomings. This means users do not have to think about starting, stopping, reconnecting or different modes and administrators do not face the significant IT burden of a typical SSL VPN deployment.
SSL VPNs use a complex and sometimes confusing mixture of four essentially inoperable technologies — Web proxying, application translation, port forwarding and network extension — to attempt to accomplish secure remote access. However, because each of these technologies has different benefits and limitations, the administrator and user must decide which technology to configure and use in different situations. This leads to a great deal of complexity, maintenance and management. In addition, many organisations continue to maintain an IPSec VPN deployment for applications that are not supported by any of the four SSL VPN technologies, further increasing the administrative burden and costs.
In contrast, the Access Gateway combines into a single product the functionality of all four SSL VPN technologies and the benefits of IPSec VPNs as well, simplifying secure remote access for both administrators and users without compromising security.
2. What applications are supported by the Access Gateway?
The Access Gateway supports any application or protocol without any development work, application re-writing, customer connectors, or limitations whatsoever. This also includes the ability to run an IP soft phone or connect an IP hard phone.
3. Do I still have to purchase an endpoint security solution if I deploy an Access Gateway?
No. The Access Gateway provides integrated endpoint security as part of the product. Integrated endpoint security provides continuous, real-time monitoring of items such as file, checksum, and registry checks, as well as whether the endpoint is an approved corporate asset.
In contrast, most VPNs rely on third-party products to provide this functionality, which leads to additional costs and integration challenges. Of the few SSL VPNs that can do limited checks as part of the product, the check may occur only once and only when accessing their portal of Webified applications. This could lead to spyware and other malware being loaded after the initial authentication.
4. What is Always-On Roaming?
Always-On Roaming is a feature that enables the Access Gateway client to continue to run in memory, even when the laptop or PC is disconnected from the network. It provides a powerful way to always ensure security over 802.11 networks without having to deploy and maintain a WEP environment. This functionality is not currently available in either IPSec VPNs or SSL VPNs. Always-On Roaming can be enabled or disabled by the administrator.
5. Does the Access Gateway have the same security risk in bridging networks as the network extension option of SSL VPNs?
No. The network extension option of SSL VPNs has a security exposure because it exposes the IP address of the remote network to the client. The Access Gateway does not expose IP addresses in the remote network, which effectively blocks worms from traversing.
To find out more or request a quote, just click here.
