Winfrasoft VPN-Q 2008
 
VPN-Q 2010 is now available and supports TMG 2010.

Following the success of VPN-Q 2006, VPN-Q 2009 brings remote access NAP/NAC Quarantine to the next level! VPN-Q 2009 maintains the same key benefits of the previous version and introduces new functionality and features that our customers have asked for. VPN-Q 2009 also introduces a new member to the lineup - the Express Edition!

VPN-Q 2009 helps secure your VPN connections by checking the health state of remote endpoint client  PC's while they are isolated in a quarantine network. Threats from viruses, worms, hackers and malicious users are everywhere, by ensuring that remote PC's connecting to your network have up-to-date anti virus software, a personal firewall enabled and patches installed (to name a few features) these threats can be significantly reduced.

Get the Datasheet Get the Case Study
 
Download Now Online Demo
 
 On this page...

VPN-Q 2009 has earned the “Compatible with Windows 7" logo.

  

VPN-Q 2009 has earned the “Works with Windows Vista™” logo.
 
Feature Set

The following tables detail the various features of VPN-Q 2009 by edition:

Security Check \ Edition Express Edition Enterprise Edition
Anti-Virus Scanner status and up to date check Yes Yes
Minimum operating system and service pack level Yes Yes
AD Computer group membership Yes Yes
Automatic Updates status (Patch settings) No Yes
Security Update status (Missing patches) No Yes
Windows IP Routing status No Yes
Screen Saver Security settings No Yes
Windows Firewall status No Yes
3rd Party Personal Firewall status No Yes
Windows Firewall F&P Sharing exception status No Yes
Internet Connection Sharing status No Yes
Custom security checks via signed script No Yes
 
Other Feature \ Edition Express Edition Enterprise Edition
Built on Microsoft .NET 2.0 managed code Yes Yes
Authenticode signed binaries Yes Yes
Support for 32-bit and 64-bit Windows 7, Vista and XP Yes Yes
Multiple VPN endpoints from a single dialer Yes Yes
Native Smart Card, RSA SecurID, Aladdin, Gemalto Protiva, SecurEnvoy SecureAccess and Vasco VACMAN authentication Yes Yes
Restrict specific AV / Firewall product Yes Yes
Custom VPN client branding Yes Yes
Flexible VPN client  configuration and customisation Yes Yes
Easier licensing implementation and models Yes Yes
Faster client side security checking Yes Yes
Run patch scan always, weekly or monthly No Yes
 
Management \ Edition Express Edition Enterprise Edition
Manual and Auto pre-shared keys for IPSec Yes Yes
Policy enforcement on non-domain joined VPN clients Yes Yes
Central Management of policy via Active Directory or ISA Server Limited Yes
Central Logging Limited Yes
Run custom action scripts before and after quarantine release No Yes
Legal Notices and policy compliance No Yes
Remediation capabilities No Yes
Windows Software Update Services (WSUS) Integration No Yes

 

What's new in VPN-Q 2009

Included in VPN-Q 2009 is a new quarantine service which removes the dependency on the Microsoft RQS service. The new Winfrasoft VPN-Q 2009 Management Service allows for many new features which were not previously possible due to restrictions of the legacy Microsoft RQS service. Because the services are totally separate, migration from 2006 to 2009 is made easy as they can both co-exist on the same ISA server, making it easy to gradually upgrade your VPN clients.

The licence file is no longer included in the client setup package, which makes it easier to change licence files and also helps to prevent licence file theft. To reduce activation connectivity issues, the new quarantine service will process activation requests with our activation server so that the VPN clients no longer need to do this directly. The new quarantine service also acts a policy server, the new VPN-Q client receives its policy directly from the ISA server and does not require AD group policy. This means that unmanaged & non-domain joined PC's must also now conform to your VPN security policy. You can still make use of AD group policy if you wish, but any setting explicitly set on the VPN server will take priority.

AD computer groups can also be used to restrict which PC's are allowed to be used for VPN access - not just users. Simply create an AD group containing computer accounts and tell VPN-Q which group to use. If a VPN connection is not made from a PC in that group they will not be able to clear quarantine regardless of their health state. Manual computer objects can also be created in AD for non-domain joined PC's by specifying the PC's hardware GUID.

Whitepapers and Datasheets
VPN-Q 2009 Installation and Configuration Guide

 
VPN-Q 2009 Solution Overview
VPN-Q 2009 Technical Datasheet
"Releasing VPN Quarantine Users with VPN-Q 2006" by Dr. Thomas Shinder of ISAServer.org.
Click here for original web publication.
"Achieving Regulatory Compliance for remote access with VPN-Q 2006" by Winfrasoft.
"IPsec VPN with quarantine vs. SSL VPN" by Winfrasoft.
"10 reasons to use ISA Server 2004 as your remote access VPN server and VPN gateway" by Dr. Thomas Shinder of ISAServer.org. Reason number 7 is where VPN-Q comes in!
     

Look and feel

VPN-Q 2009 Client console:
This is the simple and straight forward main interface view the user sees while security checks are running on their PC.

  

Client detail tab:
Users are able to select the Details tab so they can see more detailed information on the individual security checks as they are running.

  

VPN-Q Config Wizard:
The Configuration Wizard for ISA Server 2004/2006 simplifies the creation and management of all the ISA Server rules required to allow the VPN Quarantine infrastructure to function.
 

VPN-Q 2009 Server Manager console
The server admin console provides a central location to configure all the required settings within VPN-Q and ISA Server for all things quarantine. The new UI gives the administrator much greater control over how the VPN environment operates, including allowing for multiple endpoints and custom branding in the VPN client.
   
     
 
System Requirements
Minimum Server System Requirements:
  • Windows Server 2003
  • Microsoft .NET Framework 2.0 (SP1 recommended) or higher
  • ISA Server 2004 or 2006 Standard Edition (optional but recommended) or
  • ISA Server 2004 or 2006 Enterprise Edition (optional but recommended)

Minimum Client System Requirements:

  • Windows 7
  • Windows Vista (including SP2)
  • Windows XP with Service Pack 2 (including SP3)
  • Microsoft .NET Framework 2.0 (SP1 recommended) or higher

Languages:

  • The VPN-Q 2009 Client supports multilingual configurations. Current supported languages include:
    • English
    • French
  • The VPN-Q 2009 Server Manager is compatible with multi-lingual versions of Windows Server 2003, however it only available in English. Winfrasoft have tested the Server Manager on the English & German versions of Windows Server 2003 SP1, however VPN-Q 2009 is not limited to these languages. Non-English versions of ISA Server are not supported.
  

Windows Vista Business
F.A.Q.
Q1: Can VPN-Q 2009 be installed on the same ISA Server as VPN-Q 2006?
A1: Yes, VPN-Q 2006 and 2009 can operate on the same server at the same time. This side by side deployment is a recommended upgrade strategy which allows time for VPN clients to be upgraded without leaving users with no connectivity. During the installation of VPN-Q 2009 the ISA server rules are upgraded to the new format although the rules required for VPN-Q 2006 to function remain in place.

Q2: Do I have to use Active Directory Group Policy to configure VPN-Q 2009 client settings?
A2: No, VPN-Q 2009 has its own management service which enforces policy on remote VPN clients without the need to use Active Directory. This allows the VPN server policy to be enforced on non-domain joined clients, or on clients which are a member of a non-trusted domain. AD Group Policy can still be used as per the previous version, however any policy settings set on the VPN server will take precedence over the AD group policy setting.

Q3: Do I have to restart the management service when I change policy settings?
A3: No, the management service will read the policy from the server each time a client connects, thus there is no need to restart the service.

Q4: Does VPN-Q 2009 support .NET Framework 1.1?
A4: No, VPN-Q 2009 requires a minimum of .NET Framework 2.0 to take advantage of new features, better security and performance.

Q5: Does VPN-Q 2009 support Windows RRAS?
A5: No, VPN-Q 2009, unlike its previous version, does not support Windows RRAS. VPN-Q 2009 requires Microsoft ISA Server 2004, 2006 or IAG 2007. Customer feedback told us that the vast majority of VPN-Q installations used ISA Server for the extra functionality and enhanced security, as such we have focused our attention on this deployment scenario.

Q6: Where do I get a licence file for VPN-Q 2009 from? Can I use the licence from VPN-Q 2006?
A6: A trial licence can be generated during the installation process using the Licence Manager or purchased from Winfrasoft. A licence from VPN-Q 2006 can NOT be used with VPN-Q 2009. All VPN-Q 2006 customers with a valid support contract can request a new licence key for VPN-Q 2009 at no extra cost.

For information on the previous version please see the VPN-Q 2006 page.

Pricing
We strive to price our software to be highly competitive. From time to time we run special offers for large deployments, to enquire about these please contact us.

Click here to download the full price list