Nokia's IP380 offers SSL VPN support through its NSAS (Nokia Secure Access System) facility. NSAS administration is browser based, but has a different layout to the "Voyager" system management interface. This is just as easy to use and presents no problems in practice. NSAS can also use the serial interface if required.
NSAS provides logging for gateway operations and user request auditing. There are viewing facilities that can be refined to focus on areas of particular interest, such as authentication failures or a particular user's activities. Logs are maintained in the device, but can also be sent to an external log server.
Users access can be controlled by one or more authentication methods, that are used in sequence until a match is made or the user is denied access.
Access to resources is controlled both by global access rules and individual resource rules. A resource can be globally allowed or denied; in which case no further checking is done, or "deferred" in which the individual resource ACL (Access Control List) is checked.
The rules can be coupled with the results of a client integrity scan which can be carried out either before or after a client signs on, producing a fine-grained access control system that can react dynamically to changing circumstances. Client integrity is determined by running scripts at the client, which must have JavaScript enabled as well as the Java runtime environment. The supplied scripts can check for indications of security problems, such as files or open ports associated with known security breaches, and check for security enhancements such as virus scanners and firewalls. It is possible to amend these scripts and to produce new ones, but this should only be done after consulting Nokia support.
The online help is generally detailed and well-organized, but can be less than helpful. When looking for help on adding an authentication method, for example, the system advised us to "use the Manage Authentication Methods page to add an authentication method to the gateway." We did find more detailed information in the accompanying documentation.