© 2005,2006 NeoAccel Inc. Partners Presentation SSL VPN-Plus 2.0 Quick Start Guide.


SSL VPN-Plus
A product that makes remote access easy and secure for both administrators and users.
Diagram: a simple SSL VPN-Plus solution deployment (wireless/mobile user, NeoAccel SSL VPN-Plus Gateway, private corporate network).

SSL VPN-Plus – Components
- SSL VPN-Plus Gateway: installs on any x86-based hardware, on the Linux platform.
- SSL VPN-Plus Management Console: Java-based console to manage the SSL VPN-Plus gateway.
- SSL VPN-Plus Access Terminals:
  - Web Access Terminal (clientless SSL VPN), for web-based application access through a browser.
  - Quick Access Terminal Client, for any TCP client-server and web-based application access without installing any client on the user machine.
  - Private Hyper Access Terminal Client (Full Access Client), an IPSec replacement client for full, simple and transparent network connectivity with complete access control.

Prerequisites: Hardware
- Processor: x86 based. The required processor speed is decided by the required performance and throughput.
- RAM: minimum 256 MB. The size of RAM limits the number of concurrent user sessions.
- Hard-disk space: minimum 350 MB for NeoAccel OS installation and minimum 100 MB for SSL VPN-Plus software. The rest of the space can be used for logging.
- Crypto accelerator: optional. Recommended for 500+ concurrent sessions for better performance.
- Network cards: at least one (single ARM mode). Two are recommended if that suits the deployment needs.

Prerequisites: Software
- Gateway base OS: NeoAccel Hardened OS (based on the CentOS distribution) / Red Hat EL 3 update 1-6.
- Management Console: requires JRE or above on the administrator's PC.
- Access Terminals:
  - WAT: IE 5.0 and above, Firefox, Netscape.
  - QAT: Windows 2000 family and Windows XP family.
  - PHAT: Windows 2000 family and Windows XP family, Red Hat 9.0, Red Hat EL 3, Knoppix, Debian, Mac OS X 10.4.

Installation

OS Installation
- Install NeoAccel Hardened OS (NHOS) using the provided CD (based on CentOS: RHEL v3).
- Refer to the NHOS specification guide for details about the default configuration of the OS, such as IP address and default access rights.
- If not using NHOS, install RHEL v3 (update 1-6).


SSL VPN-Plus Installation
- Upload the build.tgz file to the appliance/Linux box.
- Run the following commands (the last one runs the ./install_sslvpn-plus script):
    tar xzf neoaccel_build2008-redhat.tgz
    cd neoaccel_build2008_redhat
    ./install_sslvpn-plus
- After installation is complete, run the following two commands to start the SSL VPN-Plus gateway:
    service sslvpn-plus start
    service nmc start

SSL VPN-Plus Licensing
- NeoAccel runs an online license server to provide licenses to customers.
- You need an SSN (Software Serial Number) and password to get a license from the license server.
- To get a license for SSL VPN-Plus, open the management console and go to the license screen. Follow the instructions on screen to get or update the license.
- Please refer to the "Licensing guide" for more details.

Deployment Options

Deployment Options (contd.)
Configure the gateway in single ARM mode (check the interface tab in NMC).


Access Management Console
Open URL: /sslvpn-plus/nmc/
Example:

Access Management Console (contd.)
Management Console login. Default power-user credentials: admin/admin

Access Management Console (contd.)
Management Console screenshot

Access User Portal
Open URL: /sslvpn-plus/
Example:

Access User Portal (contd.)
User portal screenshot

Access User Portal (contd.)
SSL VPN-Plus Portal Mode and available access:
- Web-based (HTTP) application servers
- Java-based terminal emulators (Telnet, SSH, RDP, VNC)
- Shared folders and files
- Secure generic public URL access
- Full Access Clients (QAT and PHAT)

Configuration

Configuration Ideology
"Who" can access "What" and "How": for each group of users, define which corporate network resources they can access and configure the method of access for those users.

Basic Steps
1. Create resources: define all the corporate application servers and network resources you want to make accessible to users.
2. Create ACLs: define access control policies to set up fine-grained control.
3. Do association: associate the resources and ACLs to a group and the access modes.
4. Define your users or authentication method.

Step 1: Create Resources
Why create resources? To configure the SSL VPN-Plus access terminals. Each group sees different resources.
There are two types of resources:
- Portal Resources: web-based applications, services or resources the user can access from the SSL VPN-Plus web portal.
- Network Extension Resources: client-server based applications, services and resources the user can access using QAT or PHAT, and security policy settings for user endpoint machines.

Step 1: Create Resources (contd.)
Portal Resources
This is the pool of resources that users will be able to view and access from the web portal. You need to associate them to a group to make them available to its member users.
- Web (http/URL) based applications
- Application proxy agents / terminal emulators
- Shared files/folders/computers

Step 1: Create Resources (contd.)
Network Extension Resources
These resources are used when users will be accessing client-server applications off the user portal. They are created for the PHAT (full access) client and the QAT (port forwarding) client.
- IP address pool for remote users using the PHAT client. Required to assign IP addresses to remote users to enable full LAN-like access.
- Private networks that you want the PHAT client and QAT client (your remote users) to tunnel traffic for. You can control access to a specific host or subnet using ACLs. This tells the SSL VPN-Plus clients what traffic they need to tunnel.
- Endpoint security and SSL VPN-Plus client configuration settings. Enable endpoint cache control and data control from this screen. These are applicable to WAT, PHAT and QAT.
- Create a PHAT client installation package so that your remote users can install the PHAT client and connect to the SSL VPN-Plus gateway through it.

Step 2: Create ACLs
Access Control List. Why ACLs?
- Controlling access to each resource
- Fine-grained time-based and source-based control for each resource

Step 2: Create ACLs (contd.)
Create ACLs
- Create a pool of access control policies here for all of your available resources.
- Assign a set of these ACLs to each group in appropriate order to give the required access.
- The default access control policy is ALLOW ALL.

Step 3: Associate to group
Associate (apply) to group: assign a subset of portal resources, network extension resources and ACLs so that members of this group can start accessing the corporate services.
What does that mean?
- Associating "Resources" means users will be able to see the resources on the portal, or tunnel traffic for the network extension resources.
- Associating "ACLs" means users will have access limited to what the ACLs assigned to the group allow, irrespective of associated resources.

Step 3: Associate to group (contd.)
Group Definition screen
- Create a new group on this screen.
- Associate portal and network extension resources and ACLs.
- A default group "default_group" is always present.

Step 3: Associate to group (contd.)
Associate ACLs
- Add a new group.
- Select ACLs to apply to this group. The selected set decides the net access available to members of this group.

Step 3: Associate to group (contd.)
Associate Portal Resources: configure the portal for group members
- Select the portal resources that you want your users to see on the portal.
- Whether the SSL VPN-Plus gateway will allow access to these resources is decided by the ACLs assigned to this group.
- Make sure that you associate appropriate access control policies for these resources. See the previous slide (ACL tab).
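An added example, not NeoAccel's code: a small Python model of the ACL behaviour these slides describe, assuming first-match evaluation of a group's ordered ACL list (the slides only say that order matters). The rule fields, addresses and group names are constructed for illustration; it shows that with a default of ALLOW ALL, an allow rule alone restricts nothing until a catch-all deny ends the list.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

DEFAULT_ACTION = "ALLOW"  # the guide states the default policy is ALLOW ALL

@dataclass(frozen=True)
class Acl:
    action: str                    # "ALLOW" or "DENY"
    dest: str                      # destination network (CIDR)
    source: str = "0.0.0.0/0"      # source-based control
    start: time = time(0, 0)       # time-based control: window start
    end: time = time(23, 59, 59)   # window end (inclusive)

    def matches(self, src, dst, at):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.dest)
                and self.start <= at <= self.end)

def decide(acls, src, dst, at):
    """First matching ACL wins (assumed); otherwise the default applies."""
    for acl in acls:
        if acl.matches(src, dst, at):
            return acl.action
    return DEFAULT_ACTION

# Constructed sample policies; all addresses are made up.
INTRANET = Acl("ALLOW", "10.1.20.0/24", start=time(8, 0), end=time(18, 0))
DENY_ALL = Acl("DENY", "0.0.0.0/0")

loose_group = [INTRANET]            # relies on the default policy
tight_group = [INTRANET, DENY_ALL]  # explicit catch-all deny goes last

def demo():
    noon, night = time(12, 0), time(23, 0)
    client, web, hr_db = "203.0.113.7", "10.1.20.5", "10.9.9.9"
    return {
        "loose_web_noon": decide(loose_group, client, web, noon),
        "loose_hr_noon": decide(loose_group, client, hr_db, noon),
        "loose_web_night": decide(loose_group, client, web, night),
        "tight_web_noon": decide(tight_group, client, web, noon),
        "tight_hr_noon": decide(tight_group, client, hr_db, noon),
        "tight_web_night": decide(tight_group, client, web, night),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

In the loose group the business-hours window and the unassociated HR host both fall through to the default, so every request is allowed; only the group ending in the deny rule enforces the intended limits.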

Step 3: Associate to group (contd.)
Associate Network Extension Resources: configure PHAT and QAT clients
- Specify network settings for the PHAT (full access) client and QAT (port forwarding) clients. These settings will determine remote user traffic routing.
- A dynamic IP pool is required only for the PHAT client.
- Private networks are used by both the PHAT and QAT clients to route SSL VPN traffic.
- Select this option to enable the Hybrid SSL VPN-Plus portal; remote users will be able to access web and client-server applications without any extra step.

Step 4: Define Authentication
Create or define authentication methods: tell the SSL VPN-Plus gateway where your user database is so that it can authenticate the remote user.
What options are available?
- External authentication servers: RADIUS/AD/LDAP
- Local database: local flat-file database maintained by SSL VPN-Plus

Step 4: Define Authentication (contd.)
Local Database User
Create a user from the management console and specify the group to which it belongs.

Step 4: Define Authentication (contd.)
External Authentication Server
Add authentication servers if one already exists in your network.

Step 4: Define Authentication (contd.)
Sample Authentication Service Settings

Step 4: Define Authentication (contd.)
Associate authentication method to server instance
Tell the SSL VPN-Plus gateway which authentication method to use to authenticate incoming users.

That's All!
- Open the SSL VPN-Plus portal from its URL.
- Authenticate using the credentials of a local database user or your external auth server.
- Access the available resources on the portal.
- If you need full network access, install the PHAT client and log in using that.