"I just want Bob from HR to be able to run his apps remotely while not exposing the entire network to people in the coffee shop. I must be sure that Bob is Bob and that his laptop is healthy too... is that too much to ask?"

 

Now in its 3rd major release, VPN-Q 2010 takes remote access security to the next level. VPN-Q 2010 is a multi-layer remote access gateway solution which implements real-world security principles by layering strong authentication, health state checking, quarantine control, network access controls and protocol filtering in a single solution. Costs are kept low as there is no need up upgrade network equipment, server Operating Systems or Windows client version.

VPN-Q 2010 uses a lightweight client that leverages Windows' native networking capabilities and functions - even when users do not have administrative rights. The small foot-print client (1Mb) works across all versions of Windows since XP for both 32 and 64bit systems - all from a single installation file meaning the end of VPN client deployment headaches.

Make use of SSL VPN connections without the pain of Java, ActiveX and browser version issues. VPN-Q 2010 supports 3 VPN protocols for the ultimate in connection flexibility. You no longer have to choose between a legacy dialler or a SSL VPN, you can have the best of both all in a single package - all with health checking and a consistent user experience. Whether you are working in a hotel or from a partner or client’s site, VPN-Q will find the appropriate protocol to connect automatically.

Get the Datasheet Online Demo
 
Download Now Case Study #1 Case Study #2
 
 On this page...
 

Feature Set
The following tables detail the various features of VPN-Q 2010 by edition:
 
VPN Protocols Express Edition Enterprise Edition
Point to Point Tunneling Protocol - PPTP Yes Yes
Layer 2 Tunneling Protocol with IP Security - L2TP/IPsec Yes Yes
Secure Socket Tunneling Protocol - SSTP (SSL VPN) Yes Yes
 
Security Check \ Edition Express Edition Enterprise Edition
Anti-Virus Scanner status and up to date Yes Yes
Anti-Spyware Scanner status and up to date (NEW) Yes Yes
Minimum operating system and service pack level Yes Yes
AD Computer group membership Yes Yes
Automatic Updates status (Patch settings) No Yes
Security Update status (Missing patches) No Yes
Windows IP Routing status No Yes
Screen Saver Security settings No Yes
Windows / 3rd Party Personal Firewall status No Yes
Windows Firewall F&P Sharing exception status No Yes
Internet Connection Sharing status No Yes
Custom security checks via signed script No Yes
 
Other Feature \ Edition Express Edition Enterprise Edition
Built on Microsoft .NET 2.0 and 3.5 managed code Yes Yes
Authenticode signed binaries Yes Yes
Scalable 64 bit server architecture Yes Yes
Support for 32-bit and 64-bit Windows XP, Vista and 7 clients Yes Yes
Multiple VPN endpoints from a single dialer Yes Yes
Native Smart Card, RSA SecurID, Aladdin, Gemalto Protiva, SecurEnvoy SecureAccess, Swivel PINsafe and Vasco VACMAN authentication Yes Yes
Restrict specific Anti-Virus & Anti-Spyware product(s) Yes Yes
Restrict specific Firewall product(s) No Yes
Custom VPN client branding Yes Yes
Flexible VPN client configuration and customisation Yes Yes
Include custom files within VPN client installation routine Yes Yes
Run patch scan always, weekly or monthly No Yes
 
Management \ Edition Express Edition Enterprise Edition
Manual and Auto pre-shared keys for IPSec Yes Yes
Policy enforcement on non-domain joined VPN clients Yes Yes
Central Management of policy via Active Directory or TMG Limited Yes
Central Logging Limited Yes
Run custom action scripts before and after quarantine release No Yes
Legal Notices and policy compliance No Yes
Remediation capabilities No Yes
Windows Software Update Services (WSUS) Integration No Yes

What's new in VPN-Q 2010

Included in VPN-Q 2010 is the third major release of the product which was originally brought to market in 2006. This highly stable and mature product keeps growing in popularity and features thanks to customer feedback and new technologies that can be embraced.

As VPN-Q 2010 is designed to run on Microsoft Forefront TMG it can now leverage the Windows Server 2008 Secure Socket Tunneling Protocol (SSTP) which allows Windows Vista and 7 clients to establish a seemingly traditional VPN connection over SSL. This allows IT admins to have a common gateway infrastructure for the 3 common VPN protocols and broadens connection possibilities. The 64bit architecture of TMG and VPN-Q allow for a highly scalable VPN concentrator.

The VPN-Q client now includes support for Anti-Spyware product detection. Spyware is a real threat on the web today and can easily be as vicious as a virus or worm, thus making sure you are protected is essential.

Whitepapers and Datasheets
VPN-Q 2010 Installation and Configuration Guide

 
"Releasing VPN Quarantine Users with VPN-Q 2006" by Dr. Thomas Shinder of ISAServer.org.
Click here for original web publication.
"Achieving Regulatory Compliance for remote access with VPN-Q 2006" by Winfrasoft.
"10 reasons to use ISA Server 2004 as your remote access VPN server and VPN gateway" by Dr. Thomas Shinder of ISAServer.org. Reason number 7 is where VPN-Q comes in!
     

Look and feel

VPN-Q 2010 Client console:
A simple "traffic light" view that users see while checks are running. This is designed to hide the tech speak from the user.

  

Client detail tab:
The more tech savvy users able to see more detailed information on the individual security checks as they are running.

  

VPN-Q Config Wizard:
The Configuration Wizard for TMG 2010 simplifies the creation and management of all the firewall rules required to allow the VPN Quarantine infrastructure to function.
 

VPN-Q 2010 Server Manager console
The server admin console provides a central location to configure all the required settings within VPN-Q and TMG for all things VPN. The interface gives administrators complete control over how the VPN environment operates, from enabling VPN protocols and managing multiple endpoints to custom branding the VPN client.
   
   
 
System Requirements
Minimum Server System Requirements:
  • Windows Server 2008 x64 (R2 recommended)
  • Microsoft .NET Framework 3.5 (SP1 recommended) or higher
  • Forefront TMG 2010 Standard/Enterprise Edition

Minimum Client System Requirements:

  • Windows 7
  • Windows Vista (SP1 required for Anti-Spyware detection)
  • Windows XP with Service Pack 2
  • Microsoft .NET Framework 2.0 (SP1 recommended) or higher

Languages:

  • The VPN-Q 2009 Client supports multilingual configurations. Current supported languages include:
    • English
    • French
  • The VPN-Q 2009 Server Manager is compatible with multi-lingual versions of Windows Server 2008, however it only available in English. Winfrasoft have tested the Server Manager on the English version of Windows Server 2008 however VPN-Q 2010 is not limited to these languages. ONLY English versions of Forefront TMG are supported.
  

Windows Vista Business
F.A.Q.
Q1: Can VPN-Q 2009 be upgraded to VPN-Q 2010?
A1: Yes, the VPN-Q 2009 client can upgrade over the web to the 2010 version by enabling the upgrade policy setting. The server component can not be direclty upgraded due to the different OS requirements and a fresh install/replacement will be required. See the VPN-Q 2010 Installation and Configuration Guide for further information.

Q2: Can I enforce remote access policies to PC's not in my domain?
A2: Yes, VPN-Q 2010 enforces policies on remote clients based on the rules set at the VPN gateway and does not rely on AD or Group Policy to enforce these settings. AD Group Policy can still be used as per the previous versions, however any policy settings set on the VPN server will take precedence over the AD group policy setting.

Q3: Do I have to restart the management service when I change policy settings?
A3: No, the management service will read the policy from the server each time a client connects, thus there is no need to restart the service.

Q4: Can I allow VPN access to non-Windows client PC's?
A4: Yes. The VPN-Q 2010 client can only be installed on a Windows PC, however the VPN protocols supported by TMG are compatible with non-Windows clients. These clients would not be able to report their health status as there is no client. However you can allow users with non-Windows PC's limited access to specific  sections of the network / protocol spectrum from the Quarantine network. The firewall functionality of TMG can be extremely powerful in these situations.

Q5: How does the licencing for VPN-Q 2010 work?
A5: While licencing issues are usually rigid and complex, VPN-Q 2010 tries to offer a flexible approach. VPN-Q can either be owned (perpetual licence) or rented (subscription licence) depending if you have cap-ex or op-ex budget available. You can also choose between licencing each physical VPN client or per concurrent connection.

Q6: How do I get a licence file for VPN-Q 2010?
A6: A trial licence can be generated during the installation process using the Licence Manager or purchased from Winfrasoft. A licence from a previous version can NOT be used with VPN-Q 2010. All customers with a valid support contract can request a new licence file for VPN-Q 2010 at no extra cost.

For information on the previous version please see the VPN-Q 2009 page.

Pricing
We strive to price our software to be highly competitive. From time to time we run special offers for large deployments, to enquire about these please contact us.

Click here to download the full price list