Watchguard has launched its first ever SSL VPN gateway, based on technology licensed from Citrix.

Aimed at small and medium businesses wanting to support up to 205 people, the WatchGuard Firebox SSL Core VPN Gateway runs Citrix’s Access Gateway software. Customers with larger user numbers will be directed towards Citrix’s enterprise-class software, the company said.

The advantage of using Citrix is that it allows customers to overcome the traditional disadvantage of SSL systems: not being able to run legacy applications. The new box supports all protocols and applications, without modification, including newer applications such as IP voice softphones

Users can connect using one of two modes, "secure access" and "kiosk" mode. With secure access, users can access any network resource or application, while in kiosk mode, security is more locked down, supporting certain web applications, SSH, Citrix’s Remote Desktop, VNC servers and Telnet 3270 mainframe emulation.

"Users will be able to access all their applications and map network drives," said Richard Reid of Watchguard UK. The software checked the standard range of patching and software parameters before allowing network access, including OS version, anti-virus software version, and the state of client firewalling.

The system runs on top of Watchguard’s own Firebox hardware, used elsewhere in its firewalls, which raises the question of whether current customers will be able to run the Citrix-derived software as an upgrade. Reid said the company was looking into providing this feature at a future point in time but would not be drawn on timescales. Current Watchguard Firebox systems would not be able to use the software immediately.

Conversely, customers buying the new SSL VPN product should in theory be able to enable standard Firebox firewall capabilities for the product. Reid indicated that this was being looked at and would likely also be made possible in the future.

For the time being, the Firebox SSL Core VPN Gateway looks as if it is destined to be a standalone product, not integrated into the company’s wider offerings. This is an odd strategy for a company that has hitherto used the uniformity of its hardware as a selling point. Doubtless, the reasoning has to do with licensing or an unspecified technical issue.

The WatchGuard Firebox SSL Core VPN Gateway is available immediately at a cost of $3,190 (£1795) for a 5-tunnel concurrent user pack, and a three-month subscription to the WatchGuard LiveSecurity Service. This can be upgraded to the 205-person maximum of the system increments of 5, 10 or 20 licenses.