
F5 Security Products FirePass SSL VPN by znu21902





F5 Security Products
FirePass SSL VPN

Presented by:
Luuk Dries
l.dries@f5.com




Presentation Topics


    F5 Networks introduction

    SSL VPN market and Trends

    FirePass SSL VPN Base Functional Overview.

    Features and Benefits

   Release 6.0.3 – Sept. 08

   Summary




F5 Networks: the leader in Application Delivery Networking

[Diagram: Users -> Application Delivery Network -> Data Center]

Private Users
   From Where: LAN, Home, Branch / WAN, Road / WAN
   From What: PC, Laptop, Home PC, PDA, Kiosk, Mobile

Public Users
   From Who: Customers, Partners, Suppliers, Consultants
   From What: PC, Laptop, Home PC, PDA, Kiosk, Mobile

Data Center
   Microsoft, SAP, Oracle, IBM, BEA
   HTTP/HTML, SIP, RTP, SRTP, RTCP, SMTP, FTP, SFTP, RTSP, SQL, CIFS, MAPI, IIOP, SOAP, XML etc.

Business Goal: Achieve these objectives in the most operationally efficient manner




The Application Delivery Market
                     Magic Quadrant for Application
                     Delivery Products, 2008
                     F5 Networks - Strengths
                     • Offers the most feature-rich AP ADC, combined
                       with excellent performance and
                       programmability via iRules and a broad
                       product line.

                     • Strong focus on applications, including long-
                       term relationships with major application
                       vendors, including Microsoft, Oracle and SAP.

                     • Strong balance sheet and cohesive
                       management team with a solid track record for
                       delivering the right products at the right time.

                     •  Strong underlying platform allows easy
                        extensibility to add features.

                     • Support of an increasingly loyal and large
                       group of active developers tuning their
                       applications environments specifically with F5
                       infrastructure.


                       SOURCE: Gartner




Application Delivery Network
Security is a key technology and solution component of ADN

[Diagram: Users -> International Data Center (Big-IP) -> Applications]

   Global Traffic Manager
   Link Controller
   Local Traffic Manager

   Acceleration
   –  WAN optimization
   –  Web Acceleration

   Secure Access
   –  FirePass SSL VPN
   –  ASM - Web App Firewall

   Storage Virtualization
   –  Acopia

   TMOS
   iControl / iRules
   Enterprise Manager




Market Trends
   SSL VPN is becoming the mainstream technology of choice for remote
   access. Key trends and drivers for the SSL VPN market and the potential
   impacts are:

   Market Trend: Consolidation of remote access across the enterprise
   Potential Impact: Need for highly scalable, high performance SSL VPNs for ALL remote access needs

   Market Trend: Increasing use of mobile devices in the enterprise
   Potential Impact: Need for remote access from emerging mobile device/client Operating Systems

   Market Trend: Disaster recovery and business continuity planning
   Potential Impact: Need for anytime, anywhere access during emergencies using SSL VPN technology

   Market Trend: Increasing use of wireless LAN in the enterprise for employee and guest access
   Potential Impact: Need for securing access to wireless LAN

   Market Trend: Securing internal LAN access from un-authorized users and client devices
   Potential Impact: Need for high performance access control solution to secure internal LAN access




Market Trends

       Enterprise
       •  Anytime/Anywhere Access
       •  Continuous Business Operations
       •  Lower Costs


       IT Staff                      Squeezed


       •  Overworked
       •  Expanding Security Needs


       Users
       •  Reliable and Easy to use
       •  Support for non-Windows machines
       •  More than just webmail




     Market Trends

    TheInfopro interview with all 133 Fortune 1000 and midsize enterprise customers

    Top Concerns:
      –    Network security continues to top the list of areas of concern, along with managing growth while keeping costs under
           control, managing network performance under demanding conditions, including addressing the issue of aging
           hardware




SSL VPN offers Secure Access to Corporate Applications

[Diagram: Any User / Any Device (Client Laptop, Kiosk, Mobile Device, Client PC) -> Internet, secured by SSL -> Firewall -> FirePass® -> Granular Access Policies -> Authorized Applications (Microsoft Exchange Server, Intranet) through Portal Access, Specific Application Access and Network Access. Policies shown: Corporate Policy, Kiosk Policy, Mini browser policy.]

   SSL-VPN BENEFITS
   •  Browser based ubiquitous access
   •  Lower support & mgmt costs
   •  Granular access control
   •  Endpoint security
   •  Group Policy Enforcement




Key FirePass Features

   Access Control
     –  Authentication
     –  Authorization
     –  Endpoint Security
     –  Audit


   Application Access Modes ( Connectivity Options )
     –  Network Access
     –  Application Access
     –  Portal Access


   Visual Policy Management


   Clustering & Failover


   Platforms – SMB to large enterprises




User Authentication with Master Groups

   Wide range of Authentication
   –  Active Directory
   –  LDAP
   –  RADIUS
   –  Client Certificates
   –  2-Factor Auth (RSA SecurID and others)
   –  HTTP Forms based and Basic Auth

   Authentication based on Group
   –  E.g., 2-Factor auth for employees, RADIUS auth for partners




Simplified Access Policy Management using Resource Groups

   FirePass Features & Functions
   •  Resource Alias – Automated update of access policies based on resource
   •  Resource Groups – Drastically reduces changes to individual access policies when new resources are added/modified
   •  Enterprise Integration – Integration with AD, RADIUS, LDAP, Citrix MetaFrame etc.

[Diagram: Multiple User Groups (Employee Group, Sales Dept Group) mapped to Multiple Resources (Corporate Resource Group, HR Application, Intranet, Microsoft Exchange, Sales Resource Group)]

   Business Benefit:
   •  Simplification by reducing configuration changes
   •  Automated policy updates via Instant Access Policy Provisioning
   •  Adaptable to new business needs
   •  Instantly provision new resources
   •  Change resources without having to update individual access policies




Strong Endpoint Security
          •  Client Integrity Checking

              – Checks for AV/FW software, OS patch etc.




          •  Protected (Secure) Workspace

             – Prevent accidental file leakage 

          •  Cache Cleaner

             – Clear temp. files, browser cache




          •  Device level authentication

             – Machine certificates

             – Well known process

             – Pre-defined registry entry





Visual Policy Editor

   Simplified policy management

   Point and click interface to easily define end-point access policies

   Single point of management for FirePass clusters




Access Modes

   Portal Access
   –  Access to Web applications & portals via FirePass Reverse Proxy
   –  Web based access to email, windows files
   –  Any browser based client device including mobile devices

   Application Access
   –  Access to specific client/server applications (hosts, ports)
   –  Application level audit and access control
   –  Windows 2000/XP/Vista clients

   Network Access
   –  Support for ANY TCP/UDP network applications
   –  Full layer 3 network access (IPSec equivalent)
   –  Broad client support Windows, Mac, Linux, PocketPC &
      SmartPhone




Portal Access
Secure Ubiquitous Access from Any Web-Enabled Device

[Diagram: Kiosk/Home PC (Browser) -> SSL -> FirePass® (Portal Access) -> Corporate Network: Web, Email, File Servers]

   Benefits: • Improved productivity   • Reduced operational costs

   Client support
   •  Any web-enabled device
   •  SSL security

   Directory integration
   •  Automated group mapping
   •  SSO integration

   Application Ready Access
   •  OWA 2007, SharePoint 2007, Oracle, SAP Portal, Peoplesoft HR Portal etc.
   •  Wide range of web app content




Portal Access
Policy-based security controls

[Diagram: Kiosk/Home PC (Cache/Temp File Cleanup, Protected Workspace) -> SSL -> FirePass® (Portal Access, Content Inspection Engine) -> Corporate Network: Web, Email, File Servers]

   Benefits: • Enhanced Security

   Public Access Security
   –  Cache cleanup
   –  Protected workspace

   Reverse proxy
   –  URL obfuscation
   –  Cookie protection
   –  Browser cache control

   Content Inspection
   –  Block inappropriate traffic
   –  Integrated virus scanner




Portal Access

[Diagram: Client -> Internet -> FirePass Reverse Proxy -> Web Server]

   Next generation reverse proxy
   –  New and improved HTML and JavaScript Parsing Engines

   Application Ready Access
   –  Outlook Web Access (OWA) 2007
   –  SharePoint 2007
   –  iNotes 7.0
   –  Oracle Portal (3.1) to 10g
   –  PeopleSoft HR Portal 8.1
   –  SAP Portal
   –  ..

   Emerging Web 2.0 Content Support
   –  HTML, Javascript, Java, Flash, AJAX




Application Access
Secure Extranet or Employee Access

[Diagram: Partner PC (Browser) -> SSL VPN Tunnel -> FirePass® (Application Access) -> Corporate Network]

   Corporate Network
   •  Terminal Servers
   •  Legacy Hosts
   •  Citrix
   •  Client/Server Applications

  Benefits: • Strong Security          • Application-level auditing

 Client support               Restricted access             Detailed logging
 – Standard web browsers      – Defined applications        – Session details
 – Java/ActiveX capable       – No network connection       – Specific applications




FirePass® Network Access
Extend Corporate Network to Employees from Corporate Device

[Diagram: Corporate Laptop (Browser) -> SSL VPN Tunnel -> FirePass® (Network Access) -> Corporate Network: Microsoft Exchange Server]

   Benefits: • Increased productivity   • Reduced operational costs

   Client support
   •  Windows Vista, XP, 2000
   •  Windows Mobile 5 & 6 (Pocket PC & Smartphone)
   •  Linux
   •  Mac (incl. Intel based Mac)

   Enterprise integration
   •  Automated deployment
   •  Centralized policies
   •  VLAN Support

   Application access
   •  Any Internet connection
   •  Any IP-based application
   •  Optimization



FirePass® Network Access
Endpoint Security Features

[Diagram: FirePass® directs the client either to the Full Network or to the Quarantine Network ("Please update your machine!")]

   Benefits: • Strong Security                • Protection against attacks

Deep integrity check                        Quarantine policy support
•  Specific antivirus / FW checks           •  Ensure policy compliance
•  Registry, client cert, file checks       •  Automatic direction to quarantine
•  Windows OS patch levels




Desktop / Laptop Client OS Support




 •  Intel Macs           •  Vista 64 bit         •  XP 64 bit
 •  Client/Server Apps   •  Client/Server Apps   •  Client/Server Apps
 •  Web based Apps       •  Web based Apps       •  Web based Apps
 •  Web based Files      •  Web based Files      •  Web based Files




Customization



FirePass Provides Enterprise Class Scale and Availability

Scalability
   •  Supports up to 2,000 concurrent users per device
   •  Supports up to 20,000 users per cluster

   “The reliability is very good. The FirePass boxes have been running flawlessly for about a year now”
       - Salvatore Ranazzisi, Global Network Architect, Organon Pharmaceuticals

Availability
   •  Out of the box clustering (no 3rd party products required)
   •  Built in load-balancing
   •  Optimized integration with F5 traffic management products
   •  Redundant Hardware and Software Options Available

   “FirePass failover capability is excellent.”
       - Joseph Girodo, Group Manager, Sports Authority




FirePass Clustering

[Diagram: Cluster master with nodes in US, EMEA and APAC]

   •  Cluster Nodes can be located anywhere
   •  Policy, Resource, Access information is distributed
      –  Logs are centralized
   •  IP config is not distributed
      –  IP, DNS, Routes are local to cluster
      –  For example, the same RADIUS server can be defined identically but will resolve differently




FirePass 6.0.3 Key Feature Summary
(Released September 2008)

   •  Support for FullArmor Group Policy Anywhere functions
   •  Protected Workspace enhancements
   •  Java-based AppTunnels and terminal services
   •  FirePass Reverse Proxy enhancements
   •  Windows Vista SP1 and Windows XP 3 support
   •  MAC Intel client 10.5 support and enhancements
   •  Standalone client enhancements
   •  Product serviceability, guide, and online help improvements




Group Policy for Remote & Mobile Users

   •  Extend Group Policy to non-Domain endpoints.
   •  Protects against loss of sensitive data.
   •  Regulatory concerns? Comply with HIPAA, PCI & GLBA.
   •  Integrated with Visual Policy Editor for easy deployment.




Improving the User Experience




Enhanced Mobile User Support
        “Holy cow!! Forget MobileMe, I now have my
        entire work calendar on my iPhone so I can
        manage my work and personal life much
        better. It also worked extremely well for mail.”

                          — F5 Beta Tester Feedback




Key Differentiators

   Best Endpoint Security Solution
   –  Protected Workspace and Cache Cleaner
   –  OS and AV inspection
   –  Group Policy Templates


   Broader Client & Application Interoperability
   –  Windows, iMac and Linux
   –  iPhone and WinMobile Devices
   –  Browser based and standalone clients


   Simplified Management and Deployment
   –  Visual Policy Editor
   –  Integration with BIG-IP GTM