[THIN] Re: Citrix releases SSL VPN Appliance

  • From: "Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 4 Feb 2005 09:56:57 -0700

In short, the traditional IPSec VPN create a local network interface and in
the process tends to have various support issues and conflicts with local PC
configurations. It also presents the possibility of bridging traffic across
Most of the SSL VPN offerings tried to have a zero footprint client and
while they avoided some of the IPSec issues, they were not as robust and
required klugey workarounds to function with certain applications. For
example, they cannout handle UDP, need special workarounds for IMAP, etc.
The Citrix product, formerly Net6, approached it a bit differently. They
accepted the need for a local client (easily installed via Web), but have it
effectively run in user execution space. They do not create an additonal
network interface and therefore avoid all of the configuration and
compatibility issues that plaque IPSec VPN client software. Since the client
runs in user space it can be intelligent about all protocals and monitor
local applications and route their traffic according to set rules. It can
also validate the local configuration and do end point checking such as
requiring a certain version of virus definitions, certain registry settings,
There is a much deeper explanation at the link above, but in short they made
a better mouse trap that is easy to install and adminstrate, avoids many
common support issues and is very granular in the applications, protocols
and ports is controls.

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax



From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Lilley, Brian
Sent: Friday, February 04, 2005 4:58 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Citrix releases SSL VPN Appliance

Steve, I wonder if you can point me in the direction of some good
documentation on the exact workings of this device... or I guess more
specifically, I am trying to fully understand the subtleties of SSL, PPTP
and Ipsec VPN's.
I have worked with a VPN set up over a PPTP connection before.  So, my
understanding is that this PPTP VPN is working at the network layer, i.e.
you end up with an additional network entry in your routing table on the
client device which is tunneled through PPTP.
So, the SSL VPN works at the application layer and provides a TCP tunnel?
how does this work exactly and how is this tunnel presented to the client?  
What do they mean when they say Citrix leverages the SSL VPN along with the
ipsec VPN.. does that mean you get a network route entry for tunneling non
ICA traffic, and then you get SSL encryption for 'proxying' ICA connections,
or have I just made all that up?
We are very interested in this box, but just not too sure about the colour.
thanks in advance, Brian 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf
Of Steve Greenberg
Sent: 04 February 2005 05:23
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix releases SSL VPN Appliance

Now that this is public, I want to let everyone know that product totally
rocks! It has all of the best attributes of an IPSec VPN and an SSL VPN
without the problems associated with both. While I have been less than
totally excited about some of Citrix's other new products over the last few
years, this one is pretty awesome. I predict that it is going to take off
and dominate the VPN market eventually.....

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax



From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jim Kenzig Kenzig.com
Sent: Thursday, February 03, 2005 5:16 PM
To: thin@xxxxxxxxxxxxx; Thinnews
Subject: [THIN] Citrix releases SSL VPN Appliance 

tID=15005> &productID=15005
Jim Kenzig

This message is for the sole use of the intended recipient. If you received
this message in error please delete it and notify us. If this message was
misdirected, CSFB does not waive any confidentiality or privilege. CSFB
retains and monitors electronic communications sent through its network.
Instructions transmitted over this system are not binding on CSFB until they
are confirmed by us. Message transmission is not guaranteed to be secure.

Other related posts: