 |
|
Following the success of VPN-Q 2006, VPN-Q 2009
brings remote access NAP/NAC Quarantine to the
next level! VPN-Q 2009 maintains the same key
benefits of the previous version and introduces
new functionality and features that our
customers have asked for. VPN-Q 2009 also
introduces a new member to the lineup - the
Express Edition!
VPN-Q 2009 helps secure your VPN connections by
checking the health state of remote endpoint client PC's while
they are isolated in a quarantine network. Threats from viruses, worms,
hackers and malicious users are everywhere, by ensuring that remote PC's
connecting to your network have up-to-date anti virus software, a
personal firewall enabled and patches installed (to name a few
features) these threats can be significantly reduced.
|
|
|
Feature Set
The following tables detail the various features of
VPN-Q 2009 by edition:
|
Security Check \
Edition |
Express Edition |
Enterprise Edition |
| Anti-Virus Scanner status and up
to date check |
Yes |
Yes |
| Minimum operating system and
service pack level |
Yes |
Yes |
|
AD
Computer group membership |
Yes |
Yes |
| Automatic Updates status (Patch
settings) |
No |
Yes |
| Security Update status (Missing
patches) |
No |
Yes |
| Windows IP Routing status |
No |
Yes |
| Screen Saver Security settings |
No |
Yes |
| Windows Firewall status |
No |
Yes |
| 3rd Party Personal Firewall
status |
No |
Yes |
| Windows Firewall F&P Sharing
exception status |
No |
Yes |
| Internet Connection Sharing
status |
No |
Yes |
|
Custom
security checks via signed script |
No |
Yes |
|
Other Feature \ Edition |
Express Edition |
Enterprise Edition |
|
Built on
Microsoft .NET 2.0 managed code |
Yes |
Yes |
|
Authenticode signed binaries |
Yes |
Yes |
|
Support for 32-bit and 64-bit Windows XP and
Vista |
Yes |
Yes |
|
Multiple
VPN endpoints from a single dialer |
Yes |
Yes |
|
Native Smart Card, RSA SecurID, Aladdin, Gemalto
Protiva, SecurEnvoy SecureAccess and Vasco
VACMAN authentication |
Yes |
Yes |
|
Restrict specific AV / Firewall product |
Yes |
Yes |
|
Custom
VPN client branding |
Yes |
Yes |
|
Flexible
VPN client configuration and customisation |
Yes |
Yes |
|
Easier
licensing implementation and models |
Yes |
Yes |
|
Faster
client side security checking |
Yes |
Yes |
|
Run patch scan
always, weekly or monthly |
No |
Yes |
|
Management \ Edition |
Express Edition |
Enterprise Edition |
|
Manual and Auto pre-shared keys for IPSec |
Yes |
Yes |
|
Policy
enforcement on non-domain joined VPN clients |
Yes |
Yes |
|
Central
Management of policy via Active Directory or ISA
Server |
Limited |
Yes |
|
Central Logging |
Limited |
Yes |
|
Run
custom action scripts before and after
quarantine release |
No |
Yes |
|
Legal Notices
and policy compliance |
No |
Yes |
|
Remediation
capabilities |
No |
Yes |
| Windows Software Update Services
(WSUS) Integration |
No |
Yes |
What's new in VPN-Q
2009
Included in VPN-Q 2009 is a new
quarantine service which removes the dependency on the Microsoft RQS service. The
new Winfrasoft VPN-Q 2009 Management Service allows for many new features which were not
previously possible due to restrictions of the legacy
Microsoft RQS service. Because the services are totally
separate, migration from 2006 to 2009 is made easy as
they can both co-exist on the same ISA server, making it
easy to gradually upgrade your VPN clients.
The licence file is no longer included
in the client setup package, which makes it easier to
change licence files and also helps to prevent licence
file theft. To reduce activation connectivity issues,
the new quarantine service will process activation
requests with our activation server so that the VPN
clients no longer need to do this directly. The new
quarantine service also acts a policy server, the new
VPN-Q client receives its policy directly from the ISA
server and does not require AD group policy. This means
that unmanaged & non-domain joined PC's must also now
conform to your VPN security policy. You can still make
use of AD group policy if you wish, but any setting
explicitly set on the VPN server will take priority.
AD computer groups can also be used to
restrict which PC's are allowed to be used for VPN
access - not just users. Simply create an AD group
containing computer accounts and tell VPN-Q which group
to use. If a VPN connection is not made from a PC in
that group they will not be able to clear quarantine
regardless of their health state. Manual computer
objects can also be created in AD for non-domain joined
PC's by specifying the PC's hardware GUID.
Whitepapers and
Datasheets
Look
and feel
System Requirements
Minimum Server System Requirements:
- Windows Server 2003
- Microsoft .NET Framework 2.0 (SP1 recommended) or higher
- ISA Server 2004 or 2006 Standard Edition
(optional but recommended) or
- ISA Server 2004 or 2006 Enterprise Edition
(optional but recommended)
Minimum Client System Requirements:
- Windows XP with Service Pack 2 (including SP3)
- Windows Vista (including SP2)
- Windows 7
- Microsoft .NET Framework 2.0 (SP1 recommended) or higher
Languages:
- The VPN-Q 2009 Client supports multilingual configurations.
Current supported languages include:
- The VPN-Q 2009 Server Manager is
compatible with multi-lingual versions of Windows
Server 2003, however it only available in English. Winfrasoft have tested the Server
Manager on the English & German versions of
Windows Server 2003 SP1, however VPN-Q 2009 is not
limited to these languages. Non-English versions of ISA Server
are not supported.
|
|
 |
F.A.Q.
Q1: Can VPN-Q 2009 be installed on the same
ISA Server as VPN-Q 2006?
A1: Yes, VPN-Q 2006 and 2009 can operate on the same
server at the same time. This side by side deployment is
a recommended upgrade strategy which allows time for VPN
clients to be upgraded without leaving users with no
connectivity. During the installation of VPN-Q 2009 the
ISA server rules are upgraded to the new format although
the rules required for VPN-Q 2006 to function remain in
place.Q2: Do I have to use Active Directory Group Policy
to configure VPN-Q 2009 client settings?
A2: No, VPN-Q 2009 has its own management service
which enforces policy on remote VPN clients without the
need to use Active Directory. This allows the VPN server
policy to be enforced on non-domain joined clients, or
on clients which are a member of a non-trusted domain.
AD Group Policy can still be used as per the previous
version, however any policy settings set on the VPN
server will take precedence over the AD group policy
setting.
Q3: Do I have to restart the management service
when I change policy settings?
A3: No, the management service will read the policy
from the server each time a client connects, thus there
is no need to restart the service.Q4: Does VPN-Q 2009 support .NET Framework 1.1?
A4: No, VPN-Q 2009 requires a minimum of .NET
Framework 2.0 to take advantage of
new features, better security and
performance.
Q5: Does VPN-Q 2009 support Windows RRAS?
A5: No, VPN-Q 2009, unlike its previous version, does
not support Windows RRAS. VPN-Q 2009 requires Microsoft
ISA Server 2004, 2006 or IAG 2007. Customer feedback
told us that the vast majority of VPN-Q installations
used ISA Server for the extra functionality and enhanced
security, as such we have focused our attention on this
deployment scenario.Q6: Where do I get a licence file for VPN-Q 2009
from? Can I use the licence from VPN-Q 2006?
A6:
A trial licence can be generated during the
installation process using the Licence Manager or
purchased from Winfrasoft. A licence from
VPN-Q 2006 can NOT be used with VPN-Q 2009. All VPN-Q 2006 customers
with a valid support contract can request a new licence
key for VPN-Q 2009 at no extra cost.
For information on the previous version please see the VPN-Q
2006 page.
Pricing
We strive to price our software to be highly
competitive. From time to time we run special offers
for large deployments, to enquire about these please
contact us.
Click here to download the full price list
|
|
.gif)
%20200.jpg)
