Dell SonicWALL E-Class Secure Remote Access (SRA) Overview Stuart Lisk Sr. Product Manager Matthew Dieckman Product Line Manager

E-Class SRA Overview Mobile VPN delivers granular access control to mission critical resources from any end-point including desktops, laptops, smartphones and tablets for all the popular operating systems including Windows, MAC, Android, and iOS for the enterprise using leading SSL VPN technology.

The Communications Landscape Continues to Evolve Drivers and Trends Business Drivers Reduction in operating costs Focus on TCO Mobilization of the workforce The proliferation of BYOD policies Business expanding globally Compliance Outsourcing growth Gaining competitive advantage Technology Drivers Growth in real-time applications SaaS /Web 2.0 Virtualization of services Data Center consolidation Ubiquity of broadband Proliferation of mobile/tablet devices Rise in IP telephony Endpoint interrogation The Communications Landscape Continues to Evolve

Secure Remote Access Drivers Give all employees remote access solution that is easy to use and deploy. Remote Access Open access to partners to increase collaboration, yet do it in such a way that access control and security is not compromised. Extranet Access The Bring Your Own Device (BYOD) movement has been fueled by the dramatic growth and adoption of mobile platforms. Mobility and BYOD Securing Wireless Networks Many organizations treat users on the wireless network as remote users due to concerns over who has wireless access. During a business disruption, demand for remote access could spike to include the majority of your workforce. Disaster Recovery Remote Access drivers impact ALL employees with both IT-managed and non-managed devices. Here are the primary drivers behind the need for secure remote access: Employees need an easy-to-use solution that enables them to access network resources wherever they are Employees aren’t the only ones who need remote access. Many organizations must provide their partners with secure access to particular resources The use of mobile devices as a productivity enabler has exploded, forcing organizations to address the issues that accompany BYOD Wireless networks also expand network boundaries to help increase productivity. Many organizations treat their wireless users as they do their remote users Disasters disrupt business operations and can prevent employees from getting to the office. This causes a spike in the number of remote users. Finally, many organizations are adopting a “Go Green” philosophy in the workplace which promotes working from home Rising transportation costs and environmental concerns are leading an increase in flexibility regarding working from home. Working ‘Green’

E-Class Secure Remote Access Appliances Dell SonicWALL E-Class SRA Virtual Appliance Dell SonicWALL E-Class SRA EX6000 Dell SonicWALL E-Class SRA EX7000 Dell SonicWALL E-Class SRA EX9000 The Dell SonicWALL Family of E-Class Secure Remote Access Appliances

Dell SonicWALL Aventail Remote Access SSL VPNs Can…. End Point Control™ (EPC™): detects the identity and security state of the end device Unified Policy™: is the enforcement engine, controlling device access so users only access applications they are authorized for Smart Access™ and Smart Tunneling™: are the transport mechanisms, making it easy and secure for users to access all network resources Detect Protect Easy to Use. Easy to Control. Connect

Secure Remote Access Functions Best of Breed Secure Remote Access that ensures the appropriate level of access for any remote access use case Detect Protect Connect Connect Detect what is running on the end point device Protect applications with granular access control based on user identity and device integrity Connect users securely and easily to applications on any device Remote Access Corporate Perimeter Day Extender Dell SonicWALL SSL VPN Solution Traveling Employee Directories Applications Employee Using a Wireless Hotspot LDAP Web Apps Client/Server Apps File Shares Databases VoIP VDI Infrastructure Employee at a Kiosk LDAP Employee Smart Phones/ Tablets AD RADIUS Extranet Access Internal Access Customer/Supplier Behind a Firewall Business Partner from any Browser Internal Users

Detect: End Point Control Dell SonicWALL E-Class SRA End Point Control interrogates managed and non-IT-managed devices prior to connecting to identify the device and determine the overall trust level EPC Device Interrogation Interrogate by Device Profile IT Managed Non-Managed Windows Windows Mobile Macintosh Linux iOS/Android For Device Identity Mapped Directory Windows Domain Membership Device Watermark/ Certificate Any Resident File Windows, Mac, Linux Device ID Mobile Device ID And Device Integrity Anti-Virus Registry Key Windows O/S Level Personal Firewall Anti-Spyware With Data Security Cache Control Secure Desktop WorkPlace Access (Clientless Web Access) Corporate Network VoIP Applications Dell SonicWALL EndPoint Control detects the identity and security state of the end device. It works by interrogating Windows, Macintosh, Linux, iOS, Android and Windows Mobile devices prior to connecting, and it does it on a regular schedule after the connection is established. Device interrogation is done to determine device identity and device integrity. This is measured by comparing what is found on the endpoint device against what administrators have set as requirements. For example, is the device running anti-virus, anti-spyware or personal firewall software? The results of the interrogation can be used to make policy decisions as well as to determine if cache cleaning should be enabled or not. File Shares Traditional Client/Server Applications Connect Access (Client-Installed Access)

Protect: Unified Policy Dell SonicWALL E-Class SRA object-based Unified Policy enables application control via easy to setup and manage access rules, covering all devices types and users. Your Company Employee Community Partner Community Create allow, deny and quarantine rules easily that govern access for all users and devices based on device identity and device integrity Just one rule set enforces access to all resources across all access methods based on who the user is and the trust level for the device Define Trust Level for Users Groups: Sales, Marketing, Executive Groups: Partners Admission Control Define Trust Level for Devices Allow Allow Quarantine Quarantine Deny Deny Access Control List Define What Applications Users/Devices can Access Application: User Trust: Device Trust: CRM App OWA Order Entry Sales, Executive All in Empl. Community Sales, Partners

Protect: User Trust Directory Browsing Dynamic Groups Dual/Stacked Authentication Forms-Based Authentication Virtual Keyboard Password Management One-Time Password Objective of this Slide: Optional slide that details some of the features related to user authentication. Key Speaking Points: The Dell SonicWALL Aventail SSL VPN provides tremendous flexibility in how organizations require users authenticate to the SSL VPN. Users can be segmented into different ‘Realms’, which allows for differing authentication requirements for different sets of users. Directory Browsing: Easily browse to external repositories to determine which users/groups can have access to the SSL VPN Dynamic Groups: Dynamically populates group memberships based on LDAP/AD queries Dual/Stacked Authentication: Allows consecutive authentications (e.g. SecureID Tokens + Username/Password) capturing credentials for Single-Sign On (SSO) to downstream applications Forms-Based Authentication: Administrators can directly configure SSO for forms- based Web applications Virtual Keyboard: Allows authentication credentials to be entered via a virtual keyboard in untrusted environments Password Management: Allows users to change password via the WorkPlace Portal at will or when prompted One Time Password: Generate one-time passwords when an easy-to-distribute, second factor authentication is required when accessing the SSL VPN

Protect: Access Control Single unified policy interface to manage all access across all types of applications and access methods Granular application access control based on who the user is and the trust level for the device Block attachments in Webmail Leverage user variables to provide direct access to user specific file shares and remote desktops Bi-directional access control for added security with remote helpdesk and VoIP Objective of this Slide: Optional slide that details Access Control Key Speaking Points: Access Control within the Dell SonicWALL Aventail solution is where administrators set which applications users can have access to based on how they authenticate and the level of trust established for the device. Admins can also add in day of time access filters (which is ideal for contractors), and they can set conditions to block the downloading of attachments from webmail apps (such as Outlook Web Access). The key points is that administrators can be as open as they want with their policy, or as granular and closed as they want. And the nice thing, unlike competitors that spread policy management across their admin consoles by application type and access agent type, with Dell SonicWALL Aventail the administrator managed policy all from within a single page.

Protect: Virtual Assist SonicWALL Virtual Assist provides organizations with an easy to use remote support tool Remote Employees Technician Virtual Assist is a remote support tool that enables a technician to assume control of a customer’s PC or laptop for the purpose of providing remote technical assistance Supported OS types includes Windows, Mac and Linux How it Works: Technician launches lightweight client to monitor queue or invite a specific customer via email Customer logs on to portal and requests help or accepts the email invitation Meanwhile, a lightweight client is pushed seamlessly through the browser to the Customer Technician sees Customer in queue and requests access to computer Customer gives permission and remote support session begins

Connect: Access from Managed and Unmanaged Devices WorkPlace Access: Access to web-based and client/server applications from virtually any device https://myhomepage.mycompany.com Welcome to the myCompany Remote Access Portal

Connect: WorkPlace Web Portal The Workplace Web Portal provides transparent access for web applications, client/server applications, and file shares Customizable Web portal Personal Bookmarks Multiple WorkPlace sites Smart Access OnDemand Tunnel Native Access Modules WorkPlace Mobile Customizable Web portal displays only links to resources permitted for the user and the device used for access Personal Bookmarks allow users to add their own shortcuts WorkPlace sites allows multiple branded portals for different user communities Smart Access ensures that the optimal method of access is provisioned to the user based on browser type and device type- without the user having to do anything OnDemand Tunnel is integrated as part of the WorkPlace portal, allowing complete application access (including VoIP) through a browser interface Native Access Modules provide access to Citrix, Windows Terminal Services and Vmware View applications directly via the WorkPlace Portal WorkPlace Mobile provides personalized and policy driven Web portal that is optimized for virtually any mobile device browser

Connect: SonicWALL E-Class SRA Connect Tunnel Provides secure policy controlled network access from a Web deployed/delivered Windows, Macintosh or Linux client, providing a complete “in-office” experience. Thin Client/Server Applications Traditional Client/Server Applications Web-based Applications File Shares Easy provisioning End Point Control Split tunneling Auto updating NAT Mode Unified policy Objective of this Slide: Optional slide that provides more detail on the Connect Tunnel agents. Key Speaking Points: The Connect Tunnel agents were designed to provide equivalent or better access capabilities than an IPsec solution for Windows, Mac and Linux devices, providing a great option to standardize all remote access from non IT managed devices and IT managed devices from a single remote access control platform. The Connect Tunnel agents can be configured where each user gets a unique IP address or users can be set up where multiple users share a single IP address (which simplifies configuration). The Connect Tunnel agents can be set up in ‘Split Tunnel’, ‘Redirect All’ and ‘Redirect All with local network access’. The Connect tunnel agents also support redirecting traffic through proxy servers and also can be set up with post connection scripting to auto launch applications after the user establishes their connection. The Connect Tunnel agents supports the same End Point Control interrogation options that are supported through the WorkPlace portal. If a user is classified into a ‘Deny’ or ‘Quarantine’ zone, a Web page containing the ‘Deny’ and ‘Quarantine’ zone messages will be displayed to the Connect Tunnel user. Easy provisioning via the WorkPlace portal or through standard software distribution processes End Point Control to interrogate the device before allowing access and during the connection Split tunneling control for added security, with ‘redirect all’ and ‘redirect all with local network access’ options Auto updating ensures the agent is always in sync with the SSL VPN appliance NAT Mode allows simple configuration for broad user based (no address pools required) Unified policy provides same access control options as the WorkPlace portal, including support for Allow, Quarantine and Deny Zones

Connect: Mobile Connect for iOS Dell Aventail E-Class SRA Appliances Step 1: Download Mobile Connect Step 3: Configure SSL VPN Connection Dell SonicWALL SRA Appliances Step 1: Download Mobile Connect from the App Store. Step 2: Install Mobile Connect on any device running iOS 4.2 or higher. Step 3: Create an SSL VPN policy to existing Dell SonicWALL Aventail E-Class SRA, SRA or Next-Generation Firewall. Note: The configuration will change depending on what type of device is detected during the initial server configuration. Dell SonicWALL Next-Generation Firewalls Step 2:Install Mobile Connect

Connect: Mobile Connect Android Dell SonicWALL Aventail E-Class SRA Appliances Step 1: Download Mobile Connect Step 3: Configure SSL VPN Connection Dell SonicWALL SRA Appliances Step 1: Download Mobile Connect from the Google play store. Step 2: Install Mobile Connect on any Android device running Android 4.0 and higher. Step 3: Create an SSL VPN policy to existing Dell SonicWALL Aventail E-Class SRA, SRA or Next-Generation Firewall. Note: The configuration will change depending on what type of device is detected during the initial server configuration. Dell SonicWALL Next-Generation Firewalls Step 2:Install Mobile Connect

Detect: EPC for iOS/Android Devices EPC options for iOS Determine jailbreak status DeviceID (Based on the UDID of the iOS device) Certificate enforcement OS version control EPC options for Android Determine root status DeviceID (Based on the IMEI of the Android device) Enforcement of anti-virus

Connect: ActiveSync Support for Mobile Devices Mobile ActiveSync support allows access to email, calendar and contacts from a variety of mobile devices through the Dell SonicWALL Aventail SSL VPN Cross-platform support: iPhone, iPad, Android devices, Windows Phone 7, Symbian Clientless Email, Calendar and Contact access through the Dell SonicWALL Aventail SSL VPN - eliminating the need to provide direct access from remote devices to the Exchange server

Dell SonicWALL Aventail Product Overview E-Class Virtual Appliance E-Class SRA EX6000 Target Customer Mid-size Enterprise with up to 5,000 employees Small –to-Midsize Enterprise with 500 to 1,000 employees Concurrent Users Can be licensed with a 5, 10, 25, 50, 100, 250, 500, 1,000, 2,500 or 5,000 concurrent user stackable license Can be licensed with a 5, 10, 25, 50, 100 or 250 concurrent user stackable license Add-On Features Spike License- Allows for the immediate increase of the remote user count in the event of a business disruption Native Access Modules- Optimized access for WTS, VMware View and Citrix applications Advanced EPC- Granular control with easy configuration for trusting end point devices Virtual Assist- Remote desktop help and support tool SonicWALL Aventail Advanced Reporting- robust hierarchical log analysis tool E-Class Support- 24x7 support for E-Class solutions FIPS Support- License required for FIPS mode

Dell SonicWALL Aventail Product Overview E-Class SRA EX7000 E-Class SRA EX9000 Target Customer Mid-to-Large Enterprise with over 1,000 employees Large Enterprise with over 1,000 employees Concurrent Users Can be licensed with a 5, 10, 25, 50, 100, 250, 500, 1,000, 2,500 and 5,000 concurrent user stackable license Can be licensed with a 5, 25, 50, 100, 250, 500, 1,000, 2,500 and 5,000, 7,500, 10,000, 15,000, 20,000 concurrent user stackable license Add-On Features Spike License- Allows for the immediate increase of the remote user count in the event of a business disruption Virtual Assist- Remote desktop help and support tool SonicWALL Aventail Advanced Reporting- robust hierarchical log analysis tool E-Class Support- 24x7 support for E-Class solutions FIPS Support- License required for FIPS mode

Spike Licensing Allows the purchase of temporary capacity increases to be used in the case of an emergency EX Virtual Appliance: ‘Spike’ to 5,000 concurrent users EX6000: ‘Spike’ to 250 concurrent users EX7000: ‘Spike’ to 5,000 concurrent users EX9000: ‘Spike’ to 20,000 concurrent users Spike licenses available for increasing from any user count, including 5-user Lab appliances Spike licenses available in 10-Day and 30-Day increments Supports start and stop, allowing for flexibility in how the license is applied

One Gateway to Meet your Secure Remote Access Needs Dell SonicWALL E-Class SRA is the only SSL VPN that provides one solution with centralized management for all devices, applications, and users, delivering manageability, security, and productivity SonicWALL Aventail® WorkPlace™ Web-based Applications Clientless browser access for Web apps, client/server apps and file shares Unmanaged Devices Kiosk Users Business Partners Teleworkers Smartphone/ Tablet Users File Shares Dell SonicWALL Mobile Connect™ iOS, Android smartphones and tablets Dell SonicWall E-Class SRA Secure Remote Access Thin Client/ Server Applications SonicWALL Aventail® Connect™ A Web-delivered client, for complete network access and unmatched ease-of-use Managed Devices Traditional Client/Server Applications IT-Managed Devices Service Edition: Application-to-Application Internal Users Wireless LANs

Stuart Lisk Sr. Product Manager Matthew Dieckman Product Line Manager Thank you Stuart Lisk Sr. Product Manager Matthew Dieckman Product Line Manager